fix: Fixed two conditional bypasses discovered by @parrot409 and @Slo…
cure53 committed Dec 6, 2024
1 parent 193eef2 commit f7120a3
Showing 10 changed files with 33 additions and 33 deletions.
14 changes: 7 additions & 7 deletions dist/purify.cjs.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.cjs.js.map

Large diffs are not rendered by default.

14 changes: 7 additions & 7 deletions dist/purify.es.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.es.js.map

Large diffs are not rendered by default.

14 changes: 7 additions & 7 deletions dist/purify.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.js.map

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.min.js.map

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions src/purify.js
Expand Up @@ -1370,6 +1370,9 @@ function createDOMPurify(window = getGlobal()) {
/* Execute a hook if present */
_executeHook('uponSanitizeShadowNode', shadowNode, null);

/* Check attributes first */
_sanitizeAttributes(shadowNode);

/* Sanitize tags and elements */
if (_sanitizeElements(shadowNode)) {
continue;
Expand All @@ -1379,9 +1382,6 @@ function createDOMPurify(window = getGlobal()) {
if (shadowNode.content instanceof DocumentFragment) {
_sanitizeShadowDOM(shadowNode.content);
}

/* Check attributes, sanitize if necessary */
_sanitizeAttributes(shadowNode);
}

/* Execute a hook if present */
Expand Down Expand Up @@ -1515,6 +1515,9 @@ function createDOMPurify(window = getGlobal()) {
continue;
}

/* Check attributes first */
_sanitizeAttributes(currentNode);

/* Sanitize tags and elements */
if (_sanitizeElements(currentNode)) {
continue;
Expand All @@ -1525,9 +1528,6 @@ function createDOMPurify(window = getGlobal()) {
_sanitizeShadowDOM(currentNode.content);
}

/* Check attributes, sanitize if necessary */
_sanitizeAttributes(currentNode);

oldNode = currentNode;
}

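Review bot: The comment `/* Check attributes first */`, added in both the shadow-DOM loop and the main loop, records the new order but not why it matters, so a later refactor could move `_sanitizeAttributes` back behind the `_sanitizeElements` early `continue` without noticing that it undoes the fix. I would state the invariant in both places, e.g. `/* Sanitize attributes before _sanitizeElements: its early continue must never skip attribute checks */`. The call now also runs on nodes that `_sanitizeElements` goes on to remove, and presumably on whatever node types the iterator yields, so `_sanitizeAttributes` and any attribute hooks it fires must tolerate such nodes; its body and the enclosing loops lie outside these hunks, so this should be confirmed there. None of the 10 changed files is a test, so a regression case covering this reordering and the `DATA_ATTR` change in src/regexp.js would help keep both in place.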
2 changes: 1 addition & 1 deletion src/regexp.js
Expand Up @@ -4,7 +4,7 @@ import { seal } from './utils.js';
export const MUSTACHE_EXPR = seal(/\{\{[\w\W]*|[\w\W]*\}\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode
export const ERB_EXPR = seal(/<%[\w\W]*|[\w\W]*%>/gm);
export const TMPLIT_EXPR = seal(/\${[\w\W]*}/gm);
export const DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]/); // eslint-disable-line no-useless-escape
export const DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]+$/); // eslint-disable-line no-useless-escape
export const ARIA_ATTR = seal(/^aria-[\-\w]+$/); // eslint-disable-line no-useless-escape
export const IS_ALLOWED_URI = seal(
/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape
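Review bot: The anchored `DATA_ATTR` now requires the whole attribute name to match, but its character class still accepts the entire `\u00B7-\uFFFF` range, which is wider than the XML name characters it appears to be modelled on and includes Unicode space and format characters. Since this pattern presumably decides which attribute names are accepted as data attributes, it is worth confirming that breadth is intended or narrowing the class. A short comment would also keep the anchoring from being dropped later, e.g. `// Anchored at both ends: the full attribute name must match, not just its data- prefix`.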
