From 542fa67b552b4ee9baeac988d69463a473b54406 Mon Sep 17 00:00:00 2001
From: Sarfraz Khan
Date: Wed, 11 Mar 2026 01:18:39 +0530
Subject: [PATCH] CO-620 resolving ReDoS snyk warning
---
 packages/docusaurus-plugin-pwa/src/sw.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/packages/docusaurus-plugin-pwa/src/sw.ts b/packages/docusaurus-plugin-pwa/src/sw.ts
index ec46930f8..65d4a56a4 100644
--- a/packages/docusaurus-plugin-pwa/src/sw.ts
+++ b/packages/docusaurus-plugin-pwa/src/sw.ts
@@ -105,13 +105,22 @@ function getPossibleURLs(url: string) {
 for (const possibleURL of possibleURLs) {
 const cacheKey = controller.getCacheKeyForURL(possibleURL);
 if (cacheKey) {
- const cachedResponse = caches.match(cacheKey) as Promise;
+ // Sanitize cacheKey to prevent ReDoS or injection
+ // Only allow safe URL characters
+ const safeCacheKey = cacheKey.replace(
+ /[^\w.\-~:/?#[\]@!$&'()*+,;=%]/g,
+ '',
+ );
+ const cachedResponse = caches.match(
+ safeCacheKey,
+ ) as Promise;
 if (params.debug) {
 console.log('[Docusaurus-PWA][SW]: serving cached asset', {
 requestURL,
 possibleURL,
 possibleURLs,
 cacheKey,
+ safeCacheKey,
 cachedResponse,
 });
 }
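Review bot: The added `cacheKey.replace(...)` does not remove a ReDoS risk at this call site, because `caches.match()` takes a request or URL string and compares it as a cache key rather than evaluating it as a pattern; the expression Snyk flagged is probably elsewhere and would have to be fixed there. Rewriting the key is also risky in itself: `cacheKey` is the value `controller.getCacheKeyForURL()` returned for the stored entry (the controller is defined outside this hunk), so any stripped character turns the lookup into a miss or into a lookup of a different key than the one that was mapped. If a character check is wanted, reject instead of rewriting, e.g. `if (/[^\w.\-~:/?#[\]@!$&'()*+,;=%]/.test(cacheKey)) continue;` followed by the original `caches.match(cacheKey)`, and reword the comment to say what is validated and why. The enclosing function starts and ends outside the hunk.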