Skip to content

Commit

Permalink
chore: Migrated relevant changes from main over to 2.x
Browse files Browse the repository at this point in the history
  • Loading branch information
@cure53
cure53 committed Apr 30, 2024
1 parent f275c0b commit fc9f702
Show file tree
Hide file tree
Showing 11 changed files with 44 additions and 37 deletions.
12 changes: 7 additions & 5 deletions dist/purify.cjs.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.cjs.js.map
View file

Large diffs are not rendered by default.

12 changes: 7 additions & 5 deletions dist/purify.es.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.es.js.map
View file

Large diffs are not rendered by default.

12 changes: 7 additions & 5 deletions dist/purify.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.js.map
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.min.js
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.min.js.map
View file

Large diffs are not rendered by default.

18 changes: 8 additions & 10 deletions src/purify.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -621,8 +621,6 @@ function createDOMPurify(window = getGlobal()) {

const HTML_INTEGRATION_POINTS = addToSet({}, [
'foreignobject',
'desc',
'title',
'annotation-xml',
]);

Expand Down Expand Up @@ -1376,17 +1374,17 @@ function createDOMPurify(window = getGlobal()) {
continue;
}

const parentNode = getParentNode(shadowNode);

/* Set the nesting depth of an element */
if (shadowNode.nodeType === 1) {
if (shadowNode.parentNode && shadowNode.parentNode.__depth) {
if (parentNode && parentNode.__depth) {
/*
We want the depth of the node in the original tree, which can
change when it's removed from its parent.
*/
shadowNode.__depth =
(shadowNode.__removalCount || 0) +
shadowNode.parentNode.__depth +
1;
(shadowNode.__removalCount || 0) + parentNode.__depth + 1;
} else {
shadowNode.__depth = 1;
}
Expand Down Expand Up @@ -1543,17 +1541,17 @@ function createDOMPurify(window = getGlobal()) {
continue;
}

const parentNode = getParentNode(currentNode);

/* Set the nesting depth of an element */
if (currentNode.nodeType === 1) {
if (currentNode.parentNode && currentNode.parentNode.__depth) {
if (parentNode && parentNode.__depth) {
/*
We want the depth of the node in the original tree, which can
change when it's removed from its parent.
*/
currentNode.__depth =
(currentNode.__removalCount || 0) +
currentNode.parentNode.__depth +
1;
(currentNode.__removalCount || 0) + parentNode.__depth + 1;
} else {
currentNode.__depth = 1;
}
Expand Down
9 changes: 6 additions & 3 deletions test/fixtures/expect.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1018,7 +1018,8 @@ module.exports = [
"<svg></svg><p></p><textarea>&lt;title&gt;&lt;style&gt;</textarea><img src=\"x\">",
"<svg></svg>",
"<svg></svg><p></p><img src=\"x\">",
"<svg xmlns=\"http://www.w3.org/2000/svg\" />"
"<svg xmlns=\"http://www.w3.org/2000/svg\" />",
"<svg><title></title></svg>"
]
}, {
"title": "Tests against mXSS behavior with SVG in Chrome 77 and alike 2/2",
Expand All @@ -1028,7 +1029,8 @@ module.exports = [
"<svg></svg><p></p><title>&lt;a id=\"</title><img src=\"x\">\"&gt;",
"<svg><title><a id=\"</title><img src=x onerror=alert()>\"></a></title></svg>",
"<svg xmlns=\"http://www.w3.org/2000/svg\"><title><a id=\"</title><img src=x onerror=alert()>\"></a></title></svg>",
"<svg xmlns=\"http://www.w3.org/2000/svg\"><title><a id=\"</title><img src=x onerror=alert()>\"></a></title></title></svg></svg>"
"<svg xmlns=\"http://www.w3.org/2000/svg\"><title><a id=\"</title><img src=x onerror=alert()>\"></a></title></title></svg></svg>",
"<svg><title></title></svg>"
]
}, {
"title": "Tests against mXSS behavior with MathML in Chrome 77 and alike",
Expand All @@ -1048,7 +1050,8 @@ module.exports = [
"<svg></svg><p></p><img src=\"x\">",
"<svg><title><template></template></title></svg>",
"<svg xmlns=\"http://www.w3.org/2000/svg\"><title><template></template></title></svg>",
"<svg xmlns=\"http://www.w3.org/2000/svg\"><title><template></template></title></title></svg></svg>"
"<svg xmlns=\"http://www.w3.org/2000/svg\"><title><template></template></title></title></svg></svg>",
"<svg><title></title></svg>"
]
}, {
"title": "Tests against mXSS behavior with MathML Templates in Chrome 77 and alike",
Expand Down
8 changes: 4 additions & 4 deletions test/test-suite.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1732,8 +1732,8 @@
test:
'<svg><desc><canvas></canvas><textarea></textarea></desc></svg>',
expected: [
'<svg><desc><canvas></canvas><textarea></textarea></desc></svg>',
'<svg xmlns="http://www.w3.org/2000/svg"><desc><canvas></canvas><textarea></textarea></desc></svg>',
'<svg><desc></desc></svg>',
'<svg xmlns="http://www.w3.org/2000/svg"><desc></desc></svg>',
'<svg xmlns="http://www.w3.org/2000/svg" />',
],
},
Expand All @@ -1758,9 +1758,9 @@
{
test: '<svg><math></math><title><math></math></title></svg>',
expected: [
'<svg><title><math></math></title></svg>',
'<svg><title></title></svg>',
'<svg xmlns="http://www.w3.org/2000/svg" />',
'<svg xmlns="http://www.w3.org/2000/svg"><title><math></math></title></svg>',
'<svg xmlns="http://www.w3.org/2000/svg"><title></title></svg>',
],
},
{
Expand Down

0 comments on commit fc9f702

Please sign in to comment.