fix: ignore base64 encoded src attributes

src/selector-attribute.ts

@@ -35,10 +35,10 @@ export function attributeNodeToSelector({
 }
 
 /**
- * Checks whether attribute should be used as a selector.
+ * Checks whether an attribute should be used as a selector.
  */
 export function isValidAttributeNode(
-  { nodeName }: Node,
+  { nodeName, nodeValue }: Node,
   element: Element,
 ): boolean {
   // form input value should not be used as a selector
@@ -47,6 +47,11 @@ export function isValidAttributeNode(
     return false;
   }
 
+  // ignore Base64-encoded strings as 'src' attribute values (e.g. in tags like img, audio, video, iframe, object, embed).
+  if (nodeName === "src" && nodeValue?.startsWith("data:")) {
+    return false;
+  }
+
   return !attributeBlacklistMatch(nodeName);
 }
 
@@ -56,7 +61,7 @@ export function isValidAttributeNode(
 function sanitizeAttributeData({ nodeName, nodeValue }: Node): AttributeData {
   return {
     name: sanitizeSelectorItem(nodeName),
-    value: sanitizeSelectorItem(nodeValue),
+    value: sanitizeSelectorItem(nodeValue ?? undefined),
   };
 }
 

test/selector-attribute.spec.ts

@@ -130,4 +130,11 @@ describe("selector - attribute", function () {
       assert.equal(document.querySelector(selector), element);
     });
   });
+
+  it("should ignore base64 encoded 'src' attribute values", () => {
+    root.innerHTML =
+      '<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAFE2lUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS41LjAiPgogPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIgogICAgeG1sbnM6cGhvdG9zaG9wPSJodHRwOi8vbnMuYWRvYmUuY29tL3Bob3Rvc2hvcC8xLjAvIgogICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iCiAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyIKICAgIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIgogICAgeG1sbnM6c3RFdnQ9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZUV2ZW50IyIKICAgeG1wOkNyZWF0ZURhdGU9IjIwMjQtMTAtMjRUMTE6NTA6MjArMDIwMCIKICAgeG1wOk1vZGlmeURhdGU9IjIwMjQtMTAtMjRUMTE6NTA6MzkrMDI6MDAiCiAgIHhtcDpNZXRhZGF0YURhdGU9IjIwMjQtMTAtMjRUMTE6NTA6MzkrMDI6MDAiCiAgIHBob3Rvc2hvcDpEYXRlQ3JlYXRlZD0iMjAyNC0xMC0yNFQxMTo1MDoyMCswMjAwIgogICBwaG90b3Nob3A6Q29sb3JNb2RlPSIzIgogICBwaG90b3Nob3A6SUNDUHJvZmlsZT0ic1JHQiBJRUM2MTk2Ni0yLjEiCiAgIGV4aWY6UGl4ZWxYRGltZW5zaW9uPSIxIgogICBleGlmOlBpeGVsWURpbWVuc2lvbj0iMSIKICAgZXhpZjpDb2xvclNwYWNlPSIxIgogICB0aWZmOkltYWdlV2lkdGg9IjEiCiAgIHRpZmY6SW1hZ2VMZW5ndGg9IjEiCiAgIHRpZmY6UmVzb2x1dGlvblVuaXQ9IjIiCiAgIHRpZmY6WFJlc29sdXRpb249IjMwMC8xIgogICB0aWZmOllSZXNvbHV0aW9uPSIzMDAvMSI+CiAgIDx4bXBNTTpIaXN0b3J5PgogICAgPHJkZjpTZXE+CiAgICAgPHJkZjpsaQogICAgICBzdEV2dDphY3Rpb249InByb2R1Y2VkIgogICAgICBzdEV2dDpzb2Z0d2FyZUFnZW50PSJBZmZpbml0eSBEZXNpZ25lciAyIDIuNS41IgogICAgICBzdEV2dDp3aGVuPSIyMDI0LTEwLTI0VDExOjUwOjM5KzAyOjAwIi8+CiAgICA8L3JkZjpTZXE+CiAgIDwveG1wTU06SGlzdG9yeT4KICA8L3JkZjpEZXNjcmlwdGlvbj4KIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+Cjw/eHBhY2tldCBlbmQ9InIiPz442FO+AAABgWlDQ1BzUkdCIElFQzYxOTY2LTIuMQAAKJF1kd8rg1EYxz8bom1MzYULF0vIxaahFjfKlkYtaaYMN9u7X2qbt/edJLfK7YoSN35d8Bdwq1wrRaTketfEDev1vKYm2XN6zvM533Oep3OeA9ZoTsnrjT7IF4paJBRwz8cW3M1lbLiw009bXNHV8ZmZMHXt/R6LGW+9Zq365/41ezKlK2BpER5TVK0oPCkcXiuqJu8IdyjZeFL4TNijyQWF70w9UeWyyZkqf5qsRSNBsLYLuzO/OPGLlayWF5aX05PPrSo/9zFf4kgV5mYldot3oRMhRAA3U0wQxM8gozL78TLEgKyok+/7zp9mRXIVmVXW0VgmQ5YiHlFXpXpKYlr0lIwc62b///ZVTw8PVas7AtD0bBivvdC8DZWSYXwcGUblGBqe4LJQy185hJE30Us1recAnJtwflXTErtwsQWdj2pci39LDeLWdBpeTqE1Bq4bsC1We/azz8kDRDfkq65hbx/65Lxz6QtLWGfZQ2fibgAAAAlwSFlzAAAuIwAALiMBeKU/dgAAAAxJREFUCJlj+P//PwAF/gL+WPJrDgAAAABJRU5ErkJggg==" />';
+    const result = getAttributeSelectors([root.firstElementChild]);
+    assert.sameMembers(result, []);
+  });
 });