cure53
diff --git a/‎dist/purify.cjs.js‎
Lines changed: 5 additions & 0 deletions b/‎dist/purify.cjs.js‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎dist/purify.cjs.js.map‎
Lines changed: 1 addition & 1 deletion b/‎dist/purify.cjs.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/purify.es.mjs‎
Lines changed: 5 additions & 0 deletions b/‎dist/purify.es.mjs‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎dist/purify.es.mjs.map‎
Lines changed: 1 addition & 1 deletion b/‎dist/purify.es.mjs.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/purify.js‎
Lines changed: 5 additions & 0 deletions b/‎dist/purify.js‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎dist/purify.js.map‎
Lines changed: 1 addition & 1 deletion b/‎dist/purify.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/purify.min.js‎
Lines changed: 1 addition & 1 deletion b/‎dist/purify.min.js‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/purify.min.js.map‎
Lines changed: 1 addition & 1 deletion b/‎dist/purify.min.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/purify.ts‎
Lines changed: 13 additions & 0 deletions b/‎src/purify.ts‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎test/test-suite.js‎
Lines changed: 7 additions & 7 deletions b/‎test/test-suite.js‎
Lines changed: 7 additions & 7 deletions
@@ -913,6 +913,11 @@ function createDOMPurify() {
       _forceRemove(currentNode);
       return true;
     }
+    /* Remove any kind of possibly harmful rawtext elements */
+    if (SAFE_FOR_XML && currentNode.hasChildNodes() && regExpTest(/<\/(style|script|xmp|iframe|noembed|noframes|plaintext|noscript)/gi, currentNode.textContent)) {
+      _forceRemove(currentNode);
+      return true;
+    }
     /* Remove any kind of possibly harmful comments */
     if (SAFE_FOR_XML && currentNode.nodeType === NODE_TYPE.comment && regExpTest(/<[/\w]/g, currentNode.data)) {
       _forceRemove(currentNode);
 
@@ -1061,6 +1061,19 @@ function createDOMPurify(window: WindowLike = getGlobal()): DOMPurify {
       return true;
     }
 
+    /* Remove any kind of possibly harmful rawtext elements */
+    if (
+      SAFE_FOR_XML &&
+      currentNode.hasChildNodes() &&
+      regExpTest(
+        /<\/(style|script|xmp|iframe|noembed|noframes|plaintext|noscript)/gi,
+        currentNode.textContent
+      )
+    ) {
+      _forceRemove(currentNode);
+      return true;
+    }
+
     /* Remove any kind of possibly harmful comments */
     if (
       SAFE_FOR_XML &&
 
@@ -278,23 +278,23 @@
           ),
           '<a>123</a><option></option>'
         );
-        assert.equal(
+        assert.contains(
           DOMPurify.sanitize(
             '<option><style></option></select><b><img src=xx: onerror=alert(1)></style></option>'
           ),
-          '<option></option>'
+          ['<option></option>', '']
         );
-        assert.equal(
+        assert.contains(
           DOMPurify.sanitize(
             '<option><iframe></select><b><script>alert(1)</script>'
           ),
-          '<option></option>'
+          ['<option></option>', '']
         );
-        assert.equal(
+        assert.contains(
           DOMPurify.sanitize(
             '<option><iframe></select><b><script>alert(1)</script>'
           ),
-          '<option></option>'
+          ['<option></option>', '']
         );
         assert.equal(
           DOMPurify.sanitize(
@@ -1132,7 +1132,7 @@
     QUnit.test('DOMPurify.removed should be correct', function (assert) {
       var dirty = '<option><iframe></select><b><script>alert(1)</script>';
       DOMPurify.sanitize(dirty);
-      assert.equal(DOMPurify.removed.length, 1);
+      assert.equal(DOMPurify.removed.length, 2);
     });
 
     // Test 8 to check that DOMPurify.removed is correct if tags are clean