How to fix Dynamically building strings at runtime may introduce security vulnerabilities in ESlint?

Asked Aug 08 '22 at 13:40

Active Aug 08 '22 at 13:40

Viewed 161 times

I am using react and typescript and I ran into this issue with my function

  const FixHighlightedText = (search_text:string, text:string):string => {
    const tokens = search_text.split(' ');
    const token_list = combinations.GetAllCombinations(tokens);
    text = text.replace(/<ddd\/>/g, '');
    for(let i=0; i<token_list.length; i++) {
      text = text.replace(new RegExp(token_list[i], "gi"), (match) => `<b>${match}</b>`);
    }
    return text + "...";
  };

but I get back this warning

[09:35:30] Warning - lint - src\webparts\documentationViewer\components\DocumentationViewer.tsx(147,27): error @rushstack/security/no-unsafe-regexp: Regular expressions should be constructed from string constants. Dynamically building strings at runtime may introduce security vulnerabilities, performance concerns, and bugs involving incorrect escaping of special characters.

How can I resolve this?

asked Aug 08 '22 at 13:40

omega

40,311
81
251
474

https://stackoverflow.com/questions/51710707/es-lint-security-flagging-an-unsafe-regular-expression – Derek Lawrence Aug 08 '22 at 17:21
that does not help – omega Aug 08 '22 at 17:42

How to fix Dynamically building strings at runtime may introduce security vulnerabilities in ESlint?

0 Answers0