fix: Improper regex escaping results in certain links and forms not getting signed #2

brettflorio · 2022-02-14T19:32:51Z

A form like this won't be signed:

<form method="POST" action="https://example.foxycart.com/cart">
  <input name="name" value="tart">
  <input name="price" value="10">
  <input name="code" value="sub">
  <select name="sub_frequency">
    <option value="1m{p-10%}">Monthly</option>
    <option value="2m{p-1%}">Every other Month
    </option>
  </select>
  <input type="submit" value="Add Sub to cart">
</form>

Issue is incorrectly escaped regex in https://github.com/Foxy/foxy-cloudflare-addtocart-signing/blob/main/src/Signer.ts#L181

Similarly, https://github.com/Foxy/foxy-cloudflare-addtocart-signing/blob/main/src/Signer.ts#L125 has an unescaped ? that's causing problems with some add-to-cart links. (As well as a double-escaped slash for a backreference.)

The text was updated successfully, but these errors were encountered:

Refs #2

brettflorio added the bug Something isn't working label Feb 14, 2022

brettflorio assigned brettflorio and rijarobinson Feb 14, 2022

brettflorio added a commit that referenced this issue Feb 14, 2022

fix unescaped ? and incorrectly escaped backreferences

0fc4136

Refs #2

brettflorio mentioned this issue Feb 14, 2022

fix: correct unescaped and incorrectly escaped characters #3

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: Improper regex escaping results in certain links and forms not getting signed #2

fix: Improper regex escaping results in certain links and forms not getting signed #2

brettflorio commented Feb 14, 2022 •

edited

Loading

fix: Improper regex escaping results in certain links and forms not getting signed #2

fix: Improper regex escaping results in certain links and forms not getting signed #2

Comments

brettflorio commented Feb 14, 2022 • edited Loading

brettflorio commented Feb 14, 2022 •

edited

Loading