
Commit fca0a93

committed
fix: Improved the regexes for rawtext tags a bit further
1 parent 918a201 commit fca0a93


9 files changed

+12
-9
lines changed


dist/purify.cjs.js

Lines changed: 1 addition & 1 deletion

dist/purify.cjs.js.map

Lines changed: 1 addition & 1 deletion

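--- a/dist/purify.es.mjs
+++ b/dist/purify.es.mjs
@@ -1080,7 +1080,7 @@ function createDOMPurify() {
 value = SANITIZE_NAMED_PROPS_PREFIX + value;
 }
 /* Work around a security issue with comments inside attributes */
-if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) {
+if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title|textarea)/i, value)) {
 _removeAttribute(name, currentNode);
 continue;
 }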

dist/purify.es.mjs.map

Lines changed: 1 addition & 1 deletion

dist/purify.js

Lines changed: 1 addition & 1 deletion

dist/purify.js.map

Lines changed: 1 addition & 1 deletion

dist/purify.min.js

Lines changed: 1 addition & 1 deletion

dist/purify.min.js.map

Lines changed: 1 addition & 1 deletion

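--- a/src/purify.ts
+++ b/src/purify.ts
@@ -1333,7 +1333,10 @@ function createDOMPurify(window: WindowLike = getGlobal()): DOMPurify {
 }
 
 /* Work around a security issue with comments inside attributes */
-if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) {
+if (
+SAFE_FOR_XML &&
+regExpTest(/((--!?|])>)|<\/(style|title|textarea)/i, value)
+) {
 _removeAttribute(name, currentNode);
 continue;
 }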
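Review bot: The alternation `(style|title|textarea)` in the new `regExpTest(...)` condition is a hand-maintained inline denylist (this commit adds `textarea`), and the comment above it still mentions only comments inside attributes, so a reader cannot tell which parser contexts the check is meant to cover. I would change the comment to something like `/* Drop attribute values containing a comment or "]>" terminator, or a closing tag of a raw-text / escapable-raw-text element (style, title, textarea) */` and say there whether leaving out other such elements is deliberate, which cannot be judged from this hunk. The file list of this commit shows only `src/purify.ts` and the `dist/` builds, so a regression test that feeds an attribute value containing `</textarea` through the sanitizer with `SAFE_FOR_XML` enabled appears to be missing. The enclosing loop starts and ends outside the hunk.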
