Skip to content

Commit

Permalink
fix: Fixed two conditional bypasses discovered by @parrot409 and @Slo…
Browse files Browse the repository at this point in the history
cure53 committed Dec 6, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 193eef2 commit f7120a3
Showing 10 changed files with 33 additions and 33 deletions.
14 changes: 7 additions & 7 deletions dist/purify.cjs.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.cjs.js.map

Large diffs are not rendered by default.

14 changes: 7 additions & 7 deletions dist/purify.es.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.es.js.map

Large diffs are not rendered by default.

14 changes: 7 additions & 7 deletions dist/purify.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.js.map

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.min.js.map

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions src/purify.js
Original file line number Diff line number Diff line change
@@ -1370,6 +1370,9 @@ function createDOMPurify(window = getGlobal()) {
/* Execute a hook if present */
_executeHook('uponSanitizeShadowNode', shadowNode, null);

/* Check attributes first */
_sanitizeAttributes(shadowNode);

/* Sanitize tags and elements */
if (_sanitizeElements(shadowNode)) {
continue;
@@ -1379,9 +1382,6 @@ function createDOMPurify(window = getGlobal()) {
if (shadowNode.content instanceof DocumentFragment) {
_sanitizeShadowDOM(shadowNode.content);
}

/* Check attributes, sanitize if necessary */
_sanitizeAttributes(shadowNode);
}

/* Execute a hook if present */
@@ -1515,6 +1515,9 @@ function createDOMPurify(window = getGlobal()) {
continue;
}

/* Check attributes first */
_sanitizeAttributes(currentNode);

/* Sanitize tags and elements */
if (_sanitizeElements(currentNode)) {
continue;
@@ -1525,9 +1528,6 @@ function createDOMPurify(window = getGlobal()) {
_sanitizeShadowDOM(currentNode.content);
}

/* Check attributes, sanitize if necessary */
_sanitizeAttributes(currentNode);

oldNode = currentNode;
}

2 changes: 1 addition & 1 deletion src/regexp.js
Original file line number Diff line number Diff line change
@@ -4,7 +4,7 @@ import { seal } from './utils.js';
export const MUSTACHE_EXPR = seal(/\{\{[\w\W]*|[\w\W]*\}\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode
export const ERB_EXPR = seal(/<%[\w\W]*|[\w\W]*%>/gm);
export const TMPLIT_EXPR = seal(/\${[\w\W]*}/gm);
export const DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]/); // eslint-disable-line no-useless-escape
export const DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]+$/); // eslint-disable-line no-useless-escape
export const ARIA_ATTR = seal(/^aria-[\-\w]+$/); // eslint-disable-line no-useless-escape
export const IS_ALLOWED_URI = seal(
/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape

0 comments on commit f7120a3

Please sign in to comment.