Closed weizman closed 1 year ago
Attempt to fix #91, inspired by @mmndaniel's #106
XMLSerializer
Running:
const html = ` <iframe onload="top.bypass([this.contentWindow]);"></iframe> <script>setTimeout(() => top.bypass([window]), 1000)</script> `; const template = document.createElement('html'); template.innerHTML = html; new XMLSerializer().serializeToString(template);
Returns:
'<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body><iframe onload="top.bypass([this.contentWindow]);"></iframe>\n\x3Cscript>setTimeout(() => top.bypass([window]), 1000)\x3C/script>\n</body></html>' template.innerHTML
See how the content of the script tag is ruined.
Luckily, replacing the usage of XMLSerializer with a simple innerHTML setter seems to do the trick, god knows why...
innerHTML
ending up with #123
Attempt to fix #91, inspired by @mmndaniel's #106
106 attempts to use
XMLSerializer
which after some research fucks up html result and injects some syntax errors.Running:
Returns:
See how the content of the script tag is ruined.
Luckily, replacing the usage of
XMLSerializer
with a simpleinnerHTML
setter seems to do the trick, god knows why...