Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(core): remove closing body tag from inert DOM builder (#38454)
Fix a bug in the HTML sanitizer where an unclosed iframe tag would result in an escaped closing body tag as the output: _sanitizeHtml(document, '<iframe>') => '</body>' This closing body tag comes from the DOMParserHelper where the HTML to be sanitized is wrapped with surrounding body tags. When an opening iframe tag is parsed by DOMParser, which DOMParserHelper uses, everything up until its matching closing tag is consumed as a text node. In the above example this includes the appended closing body tag. By removing the explicit closing body tag from the DOMParserHelper and relying on the body tag being closed implicitly at the end, the above example is sanitized as expected: _sanitizeHtml(document, '<iframe>') => '' PR Close #38454
- Loading branch information