Revision - 5528536 - fix(core): remove closing body tag from inert DOM builder (#38454) - origin: https://github.com/angular/angular

visit type:

https://github.com/angular/angular

01 September 2024, 02:13:37 UTC

Revision 552853648ca75fe420ba594ba48555da39f263c7 authored by Bjarki on 13 August 2020, 21:33:40 UTC, committed by Misko Hevery on 19 August 2020, 21:18:47 UTC

fix(core): remove closing body tag from inert DOM builder (#38454)

Fix a bug in the HTML sanitizer where an unclosed iframe tag would
result in an escaped closing body tag as the output:

_sanitizeHtml(document, '<iframe>') => '&lt;/body&gt;'

This closing body tag comes from the DOMParserHelper where the HTML to be
sanitized is wrapped with surrounding body tags. When an opening iframe
tag is parsed by DOMParser, which DOMParserHelper uses, everything up
until its matching closing tag is consumed as a text node. In the above
example this includes the appended closing body tag.

By removing the explicit closing body tag from the DOMParserHelper and
relying on the body tag being closed implicitly at the end, the above
example is sanitized as expected:

_sanitizeHtml(document, '<iframe>') => ''

PR Close #38454

1 parent 07b99f5

Files
Changes

Permalinks

Tip revision: 552853648ca75fe420ba594ba48555da39f263c7 authored by Bjarki on 13 August 2020, 21:33:40 UTC
fix(core): remove closing body tag from inert DOM builder (#38454)

Tip revision: 5528536

File	Mode	Size
.circleci
.devcontainer
.github
.ng-dev
.vscode
.yarn
aio
dev-infra
docs
goldens
integration
modules
packages
scripts
third_party
tools
.bazelignore	-rw-r--r--	4.3 KB
.bazelrc	-rw-r--r--	6.2 KB
.bazelversion	-rw-r--r--	213 bytes
.clang-format	-rw-r--r--	73 bytes
.editorconfig	-rw-r--r--	245 bytes
.gitattributes	-rw-r--r--	314 bytes
.gitignore	-rw-r--r--	726 bytes
.gitmessage	-rw-r--r--	7.2 KB
.mailmap	-rw-r--r--	51 bytes
.nvmrc	-rw-r--r--	8 bytes
.pullapprove.yml	-rw-r--r--	44.1 KB
.yarnrc	-rw-r--r--	128 bytes
BUILD.bazel	-rw-r--r--	1.7 KB
CHANGELOG.md	-rw-r--r--	725.0 KB
CODE_OF_CONDUCT.md	-rw-r--r--	1.1 KB
CONTRIBUTING.md	-rw-r--r--	14.2 KB
LICENSE	-rw-r--r--	1.1 KB
README.md	-rw-r--r--	1.2 KB
WORKSPACE	-rw-r--r--	4.3 KB
browser-providers.conf.js	-rw-r--r--	9.1 KB
gulpfile.js	-rw-r--r--	1.2 KB
karma-js.conf.js	-rw-r--r--	7.6 KB
package.json	-rw-r--r--	8.5 KB
test-events.js	-rw-r--r--	259 bytes
test-main.js	-rw-r--r--	11.3 KB
tslint.json	-rw-r--r--	2.3 KB
yarn.lock	-rw-r--r--	678.8 KB
yarn.lock.readme.md	-rw-r--r--	1.3 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...

https://github.com/angular/angular

fix(core): remove closing body tag from inert DOM builder (#38454)

README.md