Skip to content

Commit

Permalink
fix: Added an experimental fix for an mXSS detection regex
Browse files Browse the repository at this point in the history
  • Loading branch information
@cure53
cure53 committed Feb 17, 2025
1 parent 1c1b183 commit 620b18b
Show file tree
Hide file tree
Showing 5 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion dist/purify.cjs.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.es.mjs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -901,7 +901,7 @@ function createDOMPurify() {
allowedTags: ALLOWED_TAGS
});
/* Detect mXSS attempts abusing namespace confusion */
if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w]/g, currentNode.innerHTML) && regExpTest(/<[/\w]/g, currentNode.textContent)) {
if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w!]/g, currentNode.innerHTML) && regExpTest(/<[/\w!]/g, currentNode.textContent)) {
_forceRemove(currentNode);
return true;
}
Expand Down
2 changes: 1 addition & 1 deletion dist/purify.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 620b18b

Please sign in to comment.