
Commit ae517d6

committedMay 7, 2024
fix: Expanded the comment scrubbing regex matching a bit further
1 parent b6818ce commit ae517d6

9 files changed

+9
-9
lines changed
 

‎dist/purify.cjs.js

+1-1

‎dist/purify.cjs.js.map

+1-1

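--- a/dist/purify.es.mjs
+++ b/dist/purify.es.mjs
@@ -1206,7 +1206,7 @@ function createDOMPurify() {
 }
 
 /* Work around a security issue with comments inside attributes */
-if (SAFE_FOR_XML && regExpTest(/(--!?|])>/i, value)) {
+if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/style/i, value)) {
 _removeAttribute(name, currentNode);
 continue;
 }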

‎dist/purify.es.mjs.map

+1-1

‎dist/purify.js

+1-1

‎dist/purify.js.map

+1-1

‎dist/purify.min.js

+1-1

‎dist/purify.min.js.map

+1-1

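--- a/src/purify.js
+++ b/src/purify.js
@@ -1312,7 +1312,7 @@ function createDOMPurify(window = getGlobal()) {
 }
 
 /* Work around a security issue with comments inside attributes */
-if (SAFE_FOR_XML && regExpTest(/(--!?|])>/i, value)) {
+if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/style/i, value)) {
 _removeAttribute(name, currentNode);
 continue;
 }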
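Review bot: The comment above the changed `if` still describes only "comments inside attributes", but the new `<\/style` alternative matches a closing tag rather than a comment terminator, so a reader can no longer tell from the comment why such an attribute is removed; something like `/* Drop attribute values containing a comment/CDATA-style terminator or a closing style tag when SAFE_FOR_XML is set */` would cover both branches. The pattern is a denylist that names a single element, so it is worth confirming (and recording in that comment) whether closing tags of other raw-text elements need the same treatment or are handled elsewhere. None of the nine files listed in this commit is a test file, so a regression case that feeds an attribute value containing `</style` through the sanitizer with SAFE_FOR_XML enabled would pin the new branch. As a style point, the outer capture group is unused and could be written `(?:(?:--!?|])>)|<\/style`. The enclosing loop in createDOMPurify starts and ends outside the hunk.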
