Fix xss vulnerability in origin save
Summary:
Related T1690
Added client side xss filter
Save code is now vulnerable to an XSS attack.
Steps to reproduce:
1. Remove the validation from the client side (with dev tools).
2. Enter this URL in the origin URL: https://github.com/%3Cscript%3Ealert(document.domain);%3C/script%3E
We should add more validation on the server side to prevent such URLs from entering the database.
For server-side validation, I was thinking of rejecting anything matching the regexes /.*(%3C).*(%3E)/ and /.*(javascript:).*/. There may be a few more cases we need to take care of.
Or should we check whether the URL returns 200 before entering it into the table?
Reviewers: Reviewers, anlambert
Reviewed By: Reviewers, anlambert
Subscribers: anlambert, vlorentz
Differential Revision: https://forge.softwareheritage.org/D1433
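Below is an added example of the server-side check the summary proposes, not code from Software Heritage or from this revision. It applies the two patterns from the summary (angle brackets and a `javascript:` scheme) but only after percent-decoding, because a regex written against the raw `%3C`/`%3E` text would miss a literal `<script>` or a doubly-encoded `%253C`. The allowed-scheme set, the `fully_decode` helper and the sample URLs (the reproduction URL from the report plus constructed variants) are assumptions for the example.

```python
"""Server-side origin URL validator (added example, not Software Heritage code)."""
import re
from urllib.parse import unquote, urlsplit

# Assumption for this example: origins are plain web URLs.
ALLOWED_SCHEMES = {"http", "https"}

# The two patterns proposed in the revision summary, applied after decoding.
FORBIDDEN = [
    re.compile(r"[<>]"),
    re.compile(r"javascript:", re.IGNORECASE),
]


def fully_decode(url, max_rounds=3):
    """Undo percent-encoding until the string stops changing, so that a
    doubly-encoded sequence such as %253C is seen as '<' as well."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            return url
        url = decoded
    return url


def validate_origin_url(url):
    """Return (ok, reason). ok is True only for an http(s) URL with a host
    that contains no markup, script scheme or control character after decoding."""
    if not isinstance(url, str) or not url.strip():
        return False, "empty"
    decoded = fully_decode(url)
    parts = urlsplit(decoded)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.netloc:
        return False, "missing host"
    for pat in FORBIDDEN:
        if pat.search(decoded):
            return False, f"forbidden pattern {pat.pattern!r}"
    if any(ord(c) < 0x20 for c in decoded):
        return False, "control character"
    return True, "ok"


# Constructed sample inputs: a benign origin, the URL from the bug report,
# a doubly-encoded variant of it, a script scheme, and literal markup.
SAMPLES = [
    "https://github.com/torvalds/linux",
    "https://github.com/%3Cscript%3Ealert(document.domain);%3C/script%3E",
    "https://github.com/%253Cscript%253Ealert(1)%253C/script%253E",
    "javascript:alert(document.domain)",
    "https://github.com/<b>bold</b>",
]


def classify(urls=SAMPLES):
    """Map each URL to whether the validator accepts it."""
    return {u: validate_origin_url(u)[0] for u in urls}


if __name__ == "__main__":
    for url, ok in classify().items():
        print("ACCEPT" if ok else "REJECT", url)
```

The `javascript:` pattern is searched anywhere in the decoded string, matching the breadth of the summary's regex; the scheme check already rejects it at the start of the URL, so the pattern only adds coverage for that text appearing later in the path. Input validation of this kind is a second layer: the stored value still has to be HTML-escaped wherever it is rendered.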