From 40c5be32acf199c54bc37c4c0a4ef093d4f28e7e Mon Sep 17 00:00:00 2001
From: Hyunyoung Cho
Date: Fri, 17 Jan 2020 00:52:29 +0900
Subject: [PATCH 01/10] Fix: narrow down the words start with "on" and end with "="
---
 lib/helpers/isValidXss.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/helpers/isValidXss.js b/lib/helpers/isValidXss.js
index 3c834a7cfa..5ecbe3131d 100644
--- a/lib/helpers/isValidXss.js
+++ b/lib/helpers/isValidXss.js
@@ -1,7 +1,7 @@
 'use strict';
 module.exports = function isValidXss(requestURL) {
- var xssRegex = /(\b)(on\w+)=|javascript|(<\s*)(\/*)script/gi;
+ var xssRegex = /(\b)on(click|error|load|mouse\w+|key\w+)=|javascript|(<\s*)(\/*)script/gi;
 return xssRegex.test(requestURL);
 };
From 3a0d3c3c40aca7c3351b33be4caeff2ae73e8fac Mon Sep 17 00:00:00 2001
From: Hyunyoung Cho
Date: Fri, 17 Jan 2020 00:53:50 +0900
Subject: [PATCH 02/10] Test for Fix: #2670
---
 test/specs/helpers/isValidXss.spec.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/test/specs/helpers/isValidXss.spec.js b/test/specs/helpers/isValidXss.spec.js
index dcfcf9d772..89be10b143 100644
--- a/test/specs/helpers/isValidXss.spec.js
+++ b/test/specs/helpers/isValidXss.spec.js
@@ -8,10 +8,13 @@ describe('helpers::isValidXss', function () {
 expect(isValidXss("xss")).toBe(true);
 expect(isValidXss("")).toBe(true);
 expect(isValidXss("onerror=alert('XSS')")).toBe(true);
+ expect(isValidXss("onmouseover=alert('XSS')")).toBe(true);
+ expect(isValidXss("onkeyup=alert('XSS')")).toBe(true);
 expect(isValidXss("Click Me")).toBe(true);
 });
 it('should not detect non script tags', function() {
+ expect(isValidXss("only=true")).toBe(false);
 expect(isValidXss("/one/?foo=bar")).toBe(false);
 expect(isValidXss(" tags")).toBe(false);
 expect(isValidXss("")).toBe(false);
From 589088a53acb37367cf63988758cb39ba84c46a1 Mon Sep 17 00:00:00 2001
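Review bot: The new alternation in `xssRegex` still requires `=` to follow the handler name directly, so `onerror =alert(1)` (HTML permits whitespace on both sides of `=`) is not flagged, and neither is any handler outside the five listed families — the narrowing trades the `only=true` false positive of the old `on\w+` for a much larger set of false negatives. At minimum tolerate the whitespace with `on(click|error|load|mouse\w+|key\w+)\s*=` and add a spec line for it. The capture group in `(\b)` captures nothing useful; a bare `\b` reads cleaner. Whether the caller percent-decodes `requestURL` before this test is not visible here; if it does not, `onerror%3D` also passes, which is worth confirming.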
From: Hyunyoung Cho
Date: Fri, 17 Jan 2020 01:01:45 +0900
Subject: [PATCH 03/10] Add: focus series, change, blur, input, drag, resize
---
 lib/helpers/isValidXss.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/helpers/isValidXss.js b/lib/helpers/isValidXss.js
index 5ecbe3131d..3ec6c9469d 100644
--- a/lib/helpers/isValidXss.js
+++ b/lib/helpers/isValidXss.js
@@ -1,7 +1,7 @@
 'use strict';
 module.exports = function isValidXss(requestURL) {
- var xssRegex = /(\b)on(click|error|load|mouse\w+|key\w+)=|javascript|(<\s*)(\/*)script/gi;
+ var xssRegex = /(\b)on(click|error|load|mouse\w+|key\w+|focus\w?|blur|change|input|drag\w?|resize)=|javascript|(<\s*)(\/*)script/gi;
 return xssRegex.test(requestURL);
 };
From 45bbe1ac15f0eb985a987e8d5290a941c4e28516 Mon Sep 17 00:00:00 2001
From: Hyunyoung Cho
Date: Fri, 17 Jan 2020 01:09:20 +0900
Subject: [PATCH 04/10] Separate eventRegex and JSRegex
---
 lib/helpers/isValidXss.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/helpers/isValidXss.js b/lib/helpers/isValidXss.js
index 3ec6c9469d..5ca04300d6 100644
--- a/lib/helpers/isValidXss.js
+++ b/lib/helpers/isValidXss.js
@@ -1,7 +1,8 @@
 'use strict';
 module.exports = function isValidXss(requestURL) {
- var xssRegex = /(\b)on(click|error|load|mouse\w+|key\w+|focus\w?|blur|change|input|drag\w?|resize)=|javascript|(<\s*)(\/*)script/gi;
- return xssRegex.test(requestURL);
+ var xssEventRegex = /(\b)on(click|error|load|mouse\w+|key\w+|focus\w?|blur|change|input|drag\w?|resize|dbclick|contextmenu|drop|select|message)=/
+ var xssJSRegex = /javascript|(<\s*)(\/*)script/gi;
+ return xssJSRegex.test(requestURL) || xssEventRegex.test(requestURL);
 };
From ad4f75a223f7ee00c4bab8b9d76e28c3ebf9e4d0 Mon Sep 17 00:00:00 2001
From: Hyunyoung Cho
Date: Fri, 17 Jan 2020 01:10:34 +0900
Subject: [PATCH 05/10] Add scroll
---
 lib/helpers/isValidXss.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
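Review bot: `focus\w?` and `drag\w?` in the new `xssRegex` allow at most one extra character after the stem (`\w?` is zero-or-one, not zero-or-more), so `onfocusin=`, `onfocusout=`, `ondragstart=`, `ondragover=` and the rest of the "focus series" and drag events this patch's subject claims to add are not matched. Use `focus\w*` and `drag\w*`, which also matches the `mouse\w+`/`key\w+` style already on the line, and pin it with `expect(isValidXss("onfocusin=alert('XSS')")).toBe(true);` in the spec.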
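Review bot: `dbclick` in the new `xssEventRegex` is a typo for the DOM event `dblclick`, so `ondblclick=` is never matched; change it to `dblclick` and add a spec case for it. Splitting the two patterns also leaves them with different flags — `xssJSRegex` keeps `/gi` while `xssEventRegex` has none — so the event branch is now case-sensitive while the script branch is not; the two should agree.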
diff --git a/lib/helpers/isValidXss.js b/lib/helpers/isValidXss.js
index 5ca04300d6..951240ee62 100644
--- a/lib/helpers/isValidXss.js
+++ b/lib/helpers/isValidXss.js
@@ -1,7 +1,7 @@
 'use strict';
 module.exports = function isValidXss(requestURL) {
- var xssEventRegex = /(\b)on(click|error|load|mouse\w+|key\w+|focus\w?|blur|change|input|drag\w?|resize|dbclick|contextmenu|drop|select|message)=/
+ var xssEventRegex = /(\b)on(click|error|load|mouse\w+|key\w+|focus\w?|blur|change|input|drag\w?|resize|dbclick|contextmenu|drop|select|message|scroll)=/;
 var xssJSRegex = /javascript|(<\s*)(\/*)script/gi;
 return xssJSRegex.test(requestURL) || xssEventRegex.test(requestURL);
 };
From 17f9ca09dace910b50c96cca1f029f66a1b633a9 Mon Sep 17 00:00:00 2001
From: Hyunyoung Cho
Date: Fri, 17 Jan 2020 01:17:09 +0900
Subject: [PATCH 06/10] For #2646
---
 lib/helpers/isValidXss.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/helpers/isValidXss.js b/lib/helpers/isValidXss.js
index 951240ee62..52352ffbf9 100644
--- a/lib/helpers/isValidXss.js
+++ b/lib/helpers/isValidXss.js
@@ -2,7 +2,7 @@
 module.exports = function isValidXss(requestURL) {
 var xssEventRegex = /(\b)on(click|error|load|mouse\w+|key\w+|focus\w?|blur|change|input|drag\w?|resize|dbclick|contextmenu|drop|select|message|scroll)=/;
- var xssJSRegex = /javascript|(<\s*)(\/*)script/gi;
+ var xssJSRegex = /javascript:|(<\s*)(\/*)script/gi;
 return xssJSRegex.test(requestURL) || xssEventRegex.test(requestURL);
 };
From f8e3f69871bf895c55676378f525f2a09d378817 Mon Sep 17 00:00:00 2001
From: Hyunyoung Cho
Date: Fri, 17 Jan 2020 01:18:22 +0900
Subject: [PATCH 07/10] For #2646
---
 test/specs/helpers/isValidXss.spec.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/test/specs/helpers/isValidXss.spec.js b/test/specs/helpers/isValidXss.spec.js
index 89be10b143..77585a544d 100644
--- a/test/specs/helpers/isValidXss.spec.js
+++ b/test/specs/helpers/isValidXss.spec.js
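Review bot: `javascript:` in the new `xssJSRegex` matches only the canonical spelling, so a scheme written as `jav\tascript:` or with an encoded tab/newline (`java%0ascript:`), which browsers strip before resolving the scheme, is not caught, and neither is `javascript&colon;` once the URL lands in an HTML attribute. If this helper is meant to act as a guard, normalise before testing, e.g. `var url = String(requestURL).replace(/[\t\n\r]/g, '');` and run both regexes against `url`, and allow whitespace before the colon with `javascript\s*:`. Even then this remains a denylist over the raw string; it should not be relied on as the XSS defence, which belongs at the sink as output encoding, and the module deserves a comment saying so.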
@@ -14,6 +14,9 @@ describe('helpers::isValidXss', function () {
 });
 it('should not detect non script tags', function() {
+ expect(isValidXss("javascript.com")).toBe(false);
+ expect(isValidXss("abc.com/javascript/path")).toBe(false);
+ expect(isValidXss("abc.com?tag=javascript")).toBe(false);
 expect(isValidXss("only=true")).toBe(false);
 expect(isValidXss("/one/?foo=bar")).toBe(false);
 expect(isValidXss(" tags")).toBe(false);
From 428ed5259b4fd5e01c715cafa293e467deff7a80 Mon Sep 17 00:00:00 2001
From: Hyunyoung Cho
Date: Fri, 17 Jan 2020 01:32:21 +0900
Subject: [PATCH 08/10] Add touch events
---
 lib/helpers/isValidXss.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/helpers/isValidXss.js b/lib/helpers/isValidXss.js
index 52352ffbf9..58ebd7ca6e 100644
--- a/lib/helpers/isValidXss.js
+++ b/lib/helpers/isValidXss.js
@@ -1,7 +1,7 @@
 'use strict';
 module.exports = function isValidXss(requestURL) {
- var xssEventRegex = /(\b)on(click|error|load|mouse\w+|key\w+|focus\w?|blur|change|input|drag\w?|resize|dbclick|contextmenu|drop|select|message|scroll)=/;
+ var xssEventRegex = /(\b)on(click|error|load|mouse\w+|key\w+|focus\w?|blur|change|input|drag\w?|touch\w+|resize|dbclick|contextmenu|drop|select|message|scroll)=/;
 var xssJSRegex = /javascript:|(<\s*)(\/*)script/gi;
 return xssJSRegex.test(requestURL) || xssEventRegex.test(requestURL);
 };
From fddcc241fcde4ca3b65967bb6773ee265960202f Mon Sep 17 00:00:00 2001
From: Hyunyoung Cho
Date: Fri, 17 Jan 2020 07:28:49 +0900
Subject: [PATCH 09/10] Add gi flag
---
 lib/helpers/isValidXss.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/helpers/isValidXss.js b/lib/helpers/isValidXss.js
index 58ebd7ca6e..109756be08 100644
--- a/lib/helpers/isValidXss.js
+++ b/lib/helpers/isValidXss.js
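Review bot: Even with `touch\w+` added, `xssEventRegex` still omits handlers that appear in every XSS cheat sheet — `onanimationstart`, `ontoggle`, `onwheel`, `onpointerdown`, `onsubmit`, `onpaste`, `onbegin` — so a payload using any of them passes the event check unchanged. An enumerated list of handler names cannot be kept complete against the browser event set, which is the inherent weakness of the allow-list approach this series adopted to avoid the `only=true` false positive; at least append `animation\w+|transition\w+|toggle|wheel|pointer\w+|submit|paste|begin|play\w*` and keep a spec case for one of them. The helper also deserves a header comment such as `// Heuristic only: matches a fixed set of handler names, not a complete XSS filter` so callers do not read a `false` result as "safe".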
@@ -1,7 +1,7 @@
 'use strict';
 module.exports = function isValidXss(requestURL) {
- var xssEventRegex = /(\b)on(click|error|load|mouse\w+|key\w+|focus\w?|blur|change|input|drag\w?|touch\w+|resize|dbclick|contextmenu|drop|select|message|scroll)=/;
+ var xssEventRegex = /(\b)on(click|error|load|mouse\w+|key\w+|focus\w?|blur|change|input|drag\w?|touch\w+|resize|dbclick|contextmenu|drop|select|message|scroll)=/gi;
 var xssJSRegex = /javascript:|(<\s*)(\/*)script/gi;
 return xssJSRegex.test(requestURL) || xssEventRegex.test(requestURL);
 };
From 8506b907078613b4cc218a55e7ac0b1f40081043 Mon Sep 17 00:00:00 2001
From: Hyunyoung Cho
Date: Fri, 17 Jan 2020 07:37:00 +0900
Subject: [PATCH 10/10] Test for case insensitive issue
---
 test/specs/helpers/isValidXss.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/specs/helpers/isValidXss.spec.js b/test/specs/helpers/isValidXss.spec.js
index 77585a544d..52f68d7a79 100644
--- a/test/specs/helpers/isValidXss.spec.js
+++ b/test/specs/helpers/isValidXss.spec.js
@@ -8,7 +8,7 @@ describe('helpers::isValidXss', function () {
 expect(isValidXss("xss")).toBe(true);
 expect(isValidXss("")).toBe(true);
 expect(isValidXss("onerror=alert('XSS')")).toBe(true);
- expect(isValidXss("onmouseover=alert('XSS')")).toBe(true);
+ expect(isValidXss("onMouseOver=alert('XSS')")).toBe(true);
 expect(isValidXss("onkeyup=alert('XSS')")).toBe(true);
 expect(isValidXss("Click Me")).toBe(true);
 });
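Review bot: The `i` flag is the actual fix on the `xssEventRegex` line; the `g` flag adds nothing to a `.test()` call and makes the regex stateful through `lastIndex`, so if either literal is ever hoisted out of the function — the obvious follow-up, since both are rebuilt on every call — alternating inputs would start returning wrong answers. Change the suffix to `/i`, and for consistency do the same on the context line: `var xssJSRegex = /javascript:|(<\s*)(\/*)script/i;`. A one-line comment above the two literals, `// Rebuilt per call on purpose: a shared /g regex would carry lastIndex between tests`, would stop the next reader from "optimising" it.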
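Review bot: This spec change replaces the lowercase `onmouseover` assertion with the mixed-case one instead of adding it, so the plain lowercase form — the one that exercised `mouse\w+` until now — is no longer covered by any test. Keep both, `expect(isValidXss("onmouseover=alert('XSS')")).toBe(true);` followed by the new `onMouseOver` line, and consider an uppercase `JAVASCRIPT:` case so the other regex's `i` flag is pinned as well.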