fix: Added clobbering check for sanitizeAttribute to prevent an error

cure53 · Dec 7, 2024 · 9c71e04 · 9c71e04
1 parent c183cd6
commit 9c71e04
Show file tree

Hide file tree

Showing 8 changed files with 34 additions and 50 deletions.
diff --git a/dist/purify.cjs.js b/dist/purify.cjs.js
diff --git a/dist/purify.cjs.js.map b/dist/purify.cjs.js.map
diff --git a/dist/purify.es.mjs b/dist/purify.es.mjs
@@ -1031,7 +1031,7 @@ function createDOMPurify() {
       attributes
     } = currentNode;
     /* Check if we have attributes; if not we might have a text node */
-    if (!attributes) {
+    if (!attributes || _isClobbered(currentNode)) {
       return;
     }
     const hookEvent = {
@@ -1147,12 +1147,10 @@ function createDOMPurify() {
     while (shadowNode = shadowIterator.nextNode()) {
       /* Execute a hook if present */
       _executeHooks(hooks.uponSanitizeShadowNode, shadowNode, null);
-      /* Check attributes first */
-      _sanitizeAttributes(shadowNode);
       /* Sanitize tags and elements */
-      if (_sanitizeElements(shadowNode)) {
-        continue;
-      }
+      _sanitizeElements(shadowNode);
+      /* Check attributes next */
+      _sanitizeAttributes(shadowNode);
       /* Deep shadow DOM detected */
       if (shadowNode.content instanceof DocumentFragment) {
         _sanitizeShadowDOM(shadowNode.content);
@@ -1244,12 +1242,10 @@ function createDOMPurify() {
     const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body);
     /* Now start iterating over the created document */
     while (currentNode = nodeIterator.nextNode()) {
-      /* Check attributes first */
-      _sanitizeAttributes(currentNode);
       /* Sanitize tags and elements */
-      if (_sanitizeElements(currentNode)) {
-        continue;
-      }
+      _sanitizeElements(currentNode);
+      /* Check attributes next */
+      _sanitizeAttributes(currentNode);
       /* Shadow DOM detected, sanitize it */
       if (currentNode.content instanceof DocumentFragment) {
         _sanitizeShadowDOM(currentNode.content);

diff --git a/dist/purify.es.mjs.map b/dist/purify.es.mjs.map
diff --git a/dist/purify.js b/dist/purify.js
diff --git a/dist/purify.js.map b/dist/purify.js.map
diff --git a/dist/purify.min.js b/dist/purify.min.js
diff --git a/src/purify.ts b/src/purify.ts
@@ -1273,7 +1273,7 @@ function createDOMPurify(window: WindowLike = getGlobal()): DOMPurify {
     const { attributes } = currentNode;
 
     /* Check if we have attributes; if not we might have a text node */
-    if (!attributes) {
+    if (!attributes || _isClobbered(currentNode)) {
       return;
     }
 
@@ -1415,13 +1415,11 @@ function createDOMPurify(window: WindowLike = getGlobal()): DOMPurify {
       /* Execute a hook if present */
       _executeHooks(hooks.uponSanitizeShadowNode, shadowNode, null);
 
-      /* Check attributes first */
-      _sanitizeAttributes(shadowNode);
-
       /* Sanitize tags and elements */
-      if (_sanitizeElements(shadowNode)) {
-        continue;
-      }
+      _sanitizeElements(shadowNode);
+
+      /* Check attributes next */
+      _sanitizeAttributes(shadowNode);
 
       /* Deep shadow DOM detected */
       if (shadowNode.content instanceof DocumentFragment) {
@@ -1537,13 +1535,11 @@ function createDOMPurify(window: WindowLike = getGlobal()): DOMPurify {
 
     /* Now start iterating over the created document */
     while ((currentNode = nodeIterator.nextNode())) {
-      /* Check attributes first */
-      _sanitizeAttributes(currentNode);
-
       /* Sanitize tags and elements */
-      if (_sanitizeElements(currentNode)) {
-        continue;
-      }
+      _sanitizeElements(currentNode);
+
+      /* Check attributes next */
+      _sanitizeAttributes(currentNode);
 
       /* Shadow DOM detected, sanitize it */
       if (currentNode.content instanceof DocumentFragment) {