capricorn86 / happy-dom

A JavaScript implementation of a web browser without its graphical user interface
MIT License
3.28k stars 200 forks

Different result between Happy DOM and JSDOM when using DOM.sanitize() #1403

Open capricorn86 opened 5 months ago

capricorn86 commented 5 months ago

// dompurify.js on Node.js 21.6.1

import createDOMPurify from 'dompurify'; // 3.0.8
import { Window } from 'happy-dom'; // 13.3.1
import { JSDOM } from 'jsdom'; // 24.0.0

const input = `<script>"HELLO"</script><body onload="document.write('hello')"><img onload="document.write('hey')"><script>document.write('hello');</script>`;

{
  const window = new Window();
  const DOMPurify = createDOMPurify(window);
  const clean = DOMPurify.sanitize(input);
  console.log('happy', clean);
}

{
  const window = new JSDOM('').window;
  const DOMPurify = createDOMPurify(window);
  const clean = DOMPurify.sanitize(input);
  console.log('jsdom', clean);
}

capricorn86 commented 5 months ago

Related to #1374 and #1265