Question about isValidXss.js

[JinTak]

Describe the issue
I was curious as to why the regex looks for 'on' in the get parameters. I had a parameter called 'onSiteTestComplete=false' but I had to change it to 'isOnSiteTestComplete=false'. Thanks!

https://github.com/axios/axios/blob/master/lib/helpers/isValidXss.js

Environment:

• Axios Version 0.19.0
• OS: OSX 10.15.2 Catlina
• Browser Chrome Version 79.0.3945.117 (Official Build) (64-bit)

[felipecwb]

I got this error too.
My URL: http://localhost:3001/api/management/users?onlyActive=true

The query string part onlyActive= was caught by regex.

Environment:

• Axios Version: 0.19.1
• Firefox Developer Edition 73.0b4 (64-bit)

[315101]

My 2 cents:
axios version: ^0.19.1

• xssRegex.test("https://some.url.com?only=false&foo=false") returns true
• xssRegex.test("https://some.url.com?only=true&foo=false") returns false

[CammyMurrie]

see this bug guys #2646

[skflo60]

Hello !
Same problem here with "?onlyActive"
isValidXss returns true

[chinesedfan]

Duplicate of #2646.