Merge pull request #1080 from hhk-png/main

fix: Using ALLOWED_URI_REGEXP with the 'g' flag leads to incorrect result

Author: cure53

dist/purify.cjs.js

@@ -58,6 +58,9 @@ const typeErrorCreate = unconstruct(TypeError);
  */
 function unapply(func) {
   return function (thisArg) {
+    if (thisArg instanceof RegExp) {
+      thisArg.lastIndex = 0;
+    }
     for (var _len = arguments.length, args = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
       args[_key - 1] = arguments[_key];
     }

dist/purify.cjs.js.map

@@ -63,7 +63,13 @@ const typeErrorCreate = unconstruct(TypeError);
 function unapply<T>(
   func: (thisArg: any, ...args: any[]) => T
 ): (thisArg: any, ...args: any[]) => T {
-  return (thisArg: any, ...args: any[]): T => apply(func, thisArg, args);
+  return (thisArg: any, ...args: any[]): T => {
+    if (thisArg instanceof RegExp) {
+      thisArg.lastIndex = 0;
+    }
+
+    return apply(func, thisArg, args);
+  };
 }
 
 /**

dist/purify.es.mjs

@@ -2193,5 +2193,15 @@
       let clean = DOMPurify.sanitize(dirty, config);
       assert.contains(clean, expected);
     });
+
+    QUnit.test('Expect the same results when using ALLOWED_URI_REGEXP with the g flag', function (assert) {
+      const dirty  = '<img src="blob:http://localhost:5173/84c49be9-3352-4407-b066-7b5b4d46c52a"><a epub:type="noteref" href="epub:EPUB/xhtml/#footnote"></a><img src="blob:http://localhost:5173/84c49be9-3352-4407" >';
+      const config = { 
+        ALLOWED_URI_REGEXP: /^(blob|https|epub|filepos|kindle)/gi,
+      };
+      const expected = '<img src=\"blob:http://localhost:5173/84c49be9-3352-4407-b066-7b5b4d46c52a\"><a href=\"epub:EPUB/xhtml/#footnote\"></a><img src=\"blob:http://localhost:5173/84c49be9-3352-4407\">';
+      let clean = DOMPurify.sanitize(dirty, config);
+      assert.strictEqual(clean, expected);
+    });
   };
 });