From dbc2494e546fe74cb8c153eaf4127bd90cd44866 Mon Sep 17 00:00:00 2001
From: Elijah <business@elijahpepe.com>
Date: Thu, 2 Jun 2022 12:25:59 -0700
Subject: [PATCH] fix: sanitize URLs with vbscript: (#14325)

fix: sanitize URLs with vbscript:

The vbscript: protocols can be used to run scripts in much the same way as the javascript: protocol. This PR adds in validation for those aforementioned protocols in snapshotterInjected.ts and snapshotRenderer.ts.
---
 .../src/server/trace/recorder/snapshotterInjected.ts            | 2 +-
 packages/trace-viewer/src/snapshotRenderer.ts                   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/playwright-core/src/server/trace/recorder/snapshotterInjected.ts b/packages/playwright-core/src/server/trace/recorder/snapshotterInjected.ts
index 4b8798171d..cb86a90f4f 100644
--- a/packages/playwright-core/src/server/trace/recorder/snapshotterInjected.ts
+++ b/packages/playwright-core/src/server/trace/recorder/snapshotterInjected.ts
@@ -218,7 +218,7 @@ export function frameSnapshotStreamer(snapshotStreamer: string) {
     }
 
     private _sanitizeUrl(url: string): string {
-      if (url.startsWith('javascript:'))
+      if (url.startsWith('javascript:') || url.startsWith('vbscript:'))
         return '';
       return url;
     }
diff --git a/packages/trace-viewer/src/snapshotRenderer.ts b/packages/trace-viewer/src/snapshotRenderer.ts
index 00be17b7f1..940e848590 100644
--- a/packages/trace-viewer/src/snapshotRenderer.ts
+++ b/packages/trace-viewer/src/snapshotRenderer.ts
@@ -297,7 +297,7 @@ export function rewriteURLForCustomProtocol(href: string): string {
   try {
     const url = new URL(href);
     // Sanitize URL.
-    if (url.protocol === 'javascript:')
+    if (url.protocol === 'javascript:' || url.protocol === 'vbscript:')
       return 'javascript:void(0)';
 
     // Pass through if possible.