diff --git a/lib/NodeUtils.js b/lib/NodeUtils.js
index 2bef574..24595df 100644
--- a/lib/NodeUtils.js
+++ b/lib/NodeUtils.js
@@ -151,7 +151,6 @@ function escapeMatchingClosingTag(rawText, parentTag) {
}
const CLOSING_COMMENT_REGEXP = /--!?>/;
-const CLOSING_COMMENT_REGEXP_GLOBAL = /--!?>/g;
/**
* Escapes closing comment tag in a comment content.
@@ -164,23 +163,7 @@ function escapeClosingCommentTag(rawContent) {
if (!CLOSING_COMMENT_REGEXP.test(rawContent)) {
return rawContent; // fast path
}
-
- const matches = rawContent.matchAll(CLOSING_COMMENT_REGEXP_GLOBAL);
-
- let result = '';
- let lastIndex = 0;
- for (const match of matches) {
- const lastMatchingCharIndex = match.index + match[0].length;
- result += rawContent.substring(lastIndex, lastMatchingCharIndex) + '>';
- // Skip over the `>` char, since we've replaced it above.
- // Start the next iteration with a char following the `>` one.
- lastIndex = lastMatchingCharIndex + 1;
- }
- // Add remaining contents of a string after the last `>` char.
- if (lastIndex < rawContent.length) {
- result += rawContent.substring(lastIndex);
- }
- return result;
+ return rawContent.replaceAll('-->', '-->').replaceAll('--!>', '--!>');
}
/**
diff --git a/test/xss.js b/test/xss.js
index ab82cd8..872189b 100644
--- a/test/xss.js
+++ b/test/xss.js
@@ -212,6 +212,10 @@ exports.oneRawTextTagInsideAnotherOne = function() {
style.appendChild(xmp);
document.body.appendChild(style);
+ document.body.serialize().should.equal(
+ ''
+ );
+
const html = document.serialize();
return alertFired(html).should.eventually.be.false('alert fired for: ' + html);
}
@@ -224,6 +228,10 @@ exports.xssInAttributeInsideRawTextTag = function() {
xmp.appendChild(div);
document.body.appendChild(xmp);
+ document.body.serialize().should.equal(
+ '<![CDATA[<div title="</xmp><script>alert(1)</script>"></div>]]>'
+ );
+
const html = document.serialize();
return alertFired(html).should.eventually.be.false('alert fired for: ' + html);
}
@@ -235,6 +243,10 @@ exports.commentNodeInsideRawTextTag = function() {
xmp.appendChild(comment);
document.body.appendChild(xmp);
+ document.body.serialize().should.equal(
+ '<![CDATA[<!--</xmp><script>alert(1)</script>-->]]>'
+ );
+
const html = document.serialize();
return alertFired(html).should.eventually.be.false('alert fired for: ' + html);
}
@@ -245,6 +257,10 @@ exports.alternativeEndTagForRawTextTag = function() {
style.textContent = "";
document.body.appendChild(style);
+ document.body.serialize().should.equal(
+ ''
+ );
+
const html = document.serialize();
return alertFired(html).should.eventually.be.false('alert fired for: ' + html);
}
@@ -254,6 +270,10 @@ exports.badCommentNode = function() {
const comment = document.createComment('-->');
document.body.appendChild(comment);
+ document.body.serialize().should.equal(
+ ''
+ );
+
const html = document.serialize();
return alertFired(html).should.eventually.be.false('alert fired for: ' + html);
}
@@ -263,6 +283,10 @@ exports.anotherBadCommentNode = function() {
const comment = document.createComment('--!>');
document.body.appendChild(comment);
+ document.body.serialize().should.equal(
+ ''
+ );
+
const html = document.serialize();
return alertFired(html).should.eventually.be.false('alert fired for: ' + html);
}
@@ -272,6 +296,10 @@ exports.badProcessingInstruction = function() {
const pi = document.createProcessingInstruction("bad", ">");
document.body.appendChild(pi);
+ document.body.serialize().should.equal(
+ ''
+ );
+
const html = document.serialize();
return alertFired(html).should.eventually.be.false('alert fired for: ' + html);
}