Skip to content

Commit

Permalink
fix: cherry-picked fixes for XML & CE bypass
Browse files Browse the repository at this point in the history
  • Loading branch information
@cure53
cure53 committed Mar 19, 2024
1 parent ef731c0 commit f0e75b0
Show file tree
Hide file tree
Showing 10 changed files with 675 additions and 1,261 deletions.
639 changes: 221 additions & 418 deletions dist/purify.cjs.js
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.cjs.js.map
View file

Large diffs are not rendered by default.

639 changes: 221 additions & 418 deletions dist/purify.es.js
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.es.js.map
View file

Large diffs are not rendered by default.

639 changes: 221 additions & 418 deletions dist/purify.js
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.js.map
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.min.js
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.min.js.map
View file

Large diffs are not rendered by default.

8 changes: 6 additions & 2 deletions src/purify.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -167,6 +167,7 @@ function createDOMPurify(window = getGlobal()) {
ARIA_ATTR,
IS_SCRIPT_OR_DATA,
ATTR_WHITESPACE,
CUSTOM_ELEMENT,
} = EXPRESSIONS;

let { IS_ALLOWED_URI } = EXPRESSIONS;
Expand Down Expand Up @@ -889,7 +890,10 @@ function createDOMPurify(window = getGlobal()) {
root.ownerDocument || root,
root,
// eslint-disable-next-line no-bitwise
NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT,
NodeFilter.SHOW_ELEMENT |
NodeFilter.SHOW_COMMENT |
NodeFilter.SHOW_TEXT |
NodeFilter.SHOW_PROCESSING_INSTRUCTION,
null,
false
);
Expand Down Expand Up @@ -1185,7 +1189,7 @@ function createDOMPurify(window = getGlobal()) {
* @param {string} tagName name of the tag of the node to sanitize
*/
const _basicCustomElementTest = function (tagName) {
return tagName.indexOf('-') > 0;
return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT);
};

/**
Expand Down
1 change: 1 addition & 0 deletions src/regexp.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,3 +14,4 @@ export const ATTR_WHITESPACE = seal(
/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex
);
export const DOCTYPE_NAME = seal(/^html$/i);
export const CUSTOM_ELEMENT = seal(/^[a-z][a-z\d]*(-[a-z\d]+)+$/i);

0 comments on commit f0e75b0

Please sign in to comment.