fix: attemtping to fix another mutation behavior

cure53 · Sep 20, 2020 · 02724b8 · 02724b8
1 parent 63061bf
commit 02724b8
Show file tree

Hide file tree

Showing 10 changed files with 16 additions and 10 deletions.
diff --git a/dist/purify.cjs.js b/dist/purify.cjs.js
diff --git a/dist/purify.cjs.js.map b/dist/purify.cjs.js.map
diff --git a/dist/purify.es.js b/dist/purify.es.js
diff --git a/dist/purify.es.js.map b/dist/purify.es.js.map
diff --git a/dist/purify.js b/dist/purify.js
diff --git a/dist/purify.js.map b/dist/purify.js.map
diff --git a/dist/purify.min.js b/dist/purify.min.js
diff --git a/dist/purify.min.js.map b/dist/purify.min.js.map
diff --git a/src/purify.js b/src/purify.js
@@ -674,7 +674,7 @@ function createDOMPurify(window = getGlobal()) {
     /* Take care of an mXSS pattern using p, br inside svg, math */
     if (
       (tagName === 'svg' || tagName === 'math') &&
-      currentNode.querySelectorAll('p, br, form').length !== 0
+      currentNode.querySelectorAll('p, br, form, table').length !== 0
     ) {
       _forceRemove(currentNode);
       return true;

diff --git a/test/fixtures/expect.js b/test/fixtures/expect.js
@@ -1075,11 +1075,17 @@ module.exports = [
           "<svg></svg><b><style><b title='</style><img>'&gt;</b>"
       ]
   }, {
-      "title": "Tests against nesting-based mXSS behavior 1/1",
+      "title": "Tests against nesting-based mXSS behavior 1/2",
       "payload": "<form><math><mtext></form><form><mglyph><style><img>",
       "expected": [
           "<form></form>"
       ]
+  }, {
+      "title": "Tests against nesting-based mXSS behavior 2/2",
+      "payload": "<math><mtext><table><mglyph><style><math>CLICKME</math>",
+      "expected": [
+          ""
+      ]
   }, {
       "title": "Tests against proper handling of leading whitespaces",
       "payload": " ",