12
12
12This vector performs normalization and compares to see if the characters get normalized into path traversal characters
const charsToCheck = ["\\","/","."];0x0D
const normalizationForms = ["NFKC", "NFC", "NFD", "NFKD"];$[i] > 0x7f && normalizationForms.forEach(form => {0x0D
const normalized = String.fromCodePoint($[i]).normalize(form);0x0D
for(let charToCheck of charsToCheck) {0x0D
if(charToCheck === normalized) {0x0D
log(String.fromCodePoint($[i])+"("+form+")"+"="+charToCheck);0x0D
}0x0D
}0x0D
})0 > 0x7f && normalizationForms.forEach(form => {0x0D
const normalized = String.fromCodePoint(0).normalize(form);0x0D
for(let charToCheck of charsToCheck) {0x0D
if(charToCheck === normalized) {0x0D
alert(String.fromCodePoint(0)+"("+form+")"+"="+charToCheck);0x0D
}0x0D
}0x0D
})