Added a mitigation against a problem with templates inside select

cure53 · Aug 10, 2021 · e32ca24 · e32ca24
1 parent ded85d9
commit e32ca24
Show file tree

Hide file tree

Showing 10 changed files with 71 additions and 8 deletions.
diff --git a/dist/purify.cjs.js b/dist/purify.cjs.js
diff --git a/dist/purify.cjs.js.map b/dist/purify.cjs.js.map
diff --git a/dist/purify.es.js b/dist/purify.es.js
diff --git a/dist/purify.es.js.map b/dist/purify.es.js.map
diff --git a/dist/purify.js b/dist/purify.js
diff --git a/dist/purify.js.map b/dist/purify.js.map
diff --git a/dist/purify.min.js b/dist/purify.min.js
diff --git a/dist/purify.min.js.map b/dist/purify.min.js.map
diff --git a/src/purify.js b/src/purify.js
@@ -861,6 +861,15 @@ function createDOMPurify(window = getGlobal()) {
       return true;
     }
 
+    /* Mitigate a problem with templates inside select */
+    if (
+      tagName === 'select' &&
+      regExpTest(/<template/i, currentNode.innerHTML)
+    ) {
+      _forceRemove(currentNode);
+      return true;
+    }
+
     /* Remove element if anything forbids its presence */
     if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {
       /* Keep content except for bad-listed elements */

diff --git a/test/fixtures/expect.js b/test/fixtures/expect.js
@@ -1200,5 +1200,11 @@ module.exports = [
           "<b is=\"\">bar</b>",
           "<b>bar</b>"
       ]
+  }, {
+      "title": "Tests against removal of templates inside select elements",
+      "payload": "<select><template></template></select>",
+      "expected": [
+          ""
+      ]
   }
 ];