Skip to content

Commit

Permalink
Fixed a bug in the clobber check that caused a bypass in jPurify
Browse files Browse the repository at this point in the history
Fixed a possible security issue caused by double-clobbering
Thanks @avilidienbrunn
  • Loading branch information
cure53 committed Oct 8, 2014
1 parent 273d972 commit 4817f34
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion purify.js
Original file line number Diff line number Diff line change
Expand Up @@ -338,7 +338,8 @@

if (tmp instanceof Attr) {
if(SANITIZE_DOM) {
if(tmp.name === 'id' && window[tmp.value]) {
if(tmp.name === 'id'
&& (window[tmp.value] || document[tmp.value])) {
clobbering = true;
}
if(tmp.name === 'name' && document[tmp.value]){
Expand Down

0 comments on commit 4817f34

Please sign in to comment.