Skip to content

Commit 620b18b

Browse files
cure53cure53
committed
fix: Added an experimental fix for an mXSS detection regex
1 parent 1c1b183 commit 620b18b

File tree

5 files changed

+6
-6
lines changed

5 files changed

+6
-6
lines changed

dist/purify.cjs.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/purify.es.mjs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -901,7 +901,7 @@ function createDOMPurify() {
901901
allowedTags: ALLOWED_TAGS
902902
});
903903
/* Detect mXSS attempts abusing namespace confusion */
904-
if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w]/g, currentNode.innerHTML) && regExpTest(/<[/\w]/g, currentNode.textContent)) {
904+
if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w!]/g, currentNode.innerHTML) && regExpTest(/<[/\w!]/g, currentNode.textContent)) {
905905
_forceRemove(currentNode);
906906
return true;
907907
}

dist/purify.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)