Closed abdalla-rko closed 1 year ago
Have you tried using `DOMPurify.sanitize(dirty, {FORCE_BODY: true})`?
Thanks, it works with this config.
Thank you so much @abdalla-rko! I just ran into that exact same bug that was reported by my customer. Your post and validation of the fix was helpful.
@cure53 Will this be fixed in the project or do you recommend we patch it on our side? For reference, we are using version 3.0.3. Thank you!
@marissa-halpert No fix is expected as this is default browser behavior. If we fix this, things will fall apart :smile:
Background & Context
When sanitizing an HTML string using the `sanitize` method, if the HTML string starts with a `style` tag the `style` tag will be removed. However, if I add some text and then include a `style` tag it works as expected. Therefore, the issue seems to occur only when starting with a `style` tag.
Bug
When starting with a `style` tag, the `style` tag will be removed.
Input
Given output
Notice that the first `style` tag is removed.
Expected output
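Why a leading `style` tag disappears while one preceded by text survives, as an added example that is not part of the original thread and not DOMPurify's code: a simplified JavaScript model of how the HTML parser keeps leading head-level elements in `<head>`, so they are missing from the body content a sanitizer returns. `splitLeadingHead`, `modelSanitize` and the `<x-force-body>` placeholder are hypothetical names; the input is assumed to be a fragment without explicit `html`/`head`/`body` tags, and modelling `FORCE_BODY` as a prepended body-level placeholder is an assumption.

```javascript
// Added illustration, not DOMPurify code: a simplified model of HTML parsing.
// Elements the parser keeps in <head> while no body content has been seen.
const HEAD_LEVEL = new Set(['base', 'basefont', 'bgsound', 'link', 'meta',
  'noframes', 'noscript', 'script', 'style', 'template', 'title']);
const VOID = new Set(['base', 'basefont', 'bgsound', 'link', 'meta']);

// Split a fragment into the leading run that lands in <head> and the rest,
// which becomes <body>. Assumes no explicit <html>/<head>/<body> tags.
function splitLeadingHead(html) {
  let pos = 0;
  while (pos < html.length) {
    const rest = html.slice(pos);
    const skip = rest.match(/^(?:\s+|<!--[\s\S]*?-->)/);
    if (skip) { pos += skip[0].length; continue; }   // whitespace, comments
    const open = rest.match(/^<([a-z][^\s/>]*)[^>]*>/i);
    if (!open) break;                                // text or end tag: body starts
    const name = open[1].toLowerCase();
    if (!HEAD_LEVEL.has(name)) break;                // body-level element
    if (VOID.has(name)) { pos += open[0].length; continue; }
    const close = rest.match(new RegExp(`</${name}\\s*>`, 'i'));
    if (!close) { pos = html.length; break; }        // unclosed: swallows the rest
    pos += close.index + close[0].length;
  }
  return { head: html.slice(0, pos), body: html.slice(pos) };
}

// Hypothetical stand-in for a sanitizer that returns only the body content.
// forceBody is modelled as prepending a body-level placeholder (assumption).
function modelSanitize(dirty, { forceBody = false } = {}) {
  const marker = '<x-force-body></x-force-body>';
  const { body } = splitLeadingHead(forceBody ? marker + dirty : dirty);
  return forceBody ? body.slice(marker.length) : body;
}

// Constructed sample input.
const leadingStyle = '<style>p { color: red; }</style><p>Hello</p>';
console.log(modelSanitize(leadingStyle));                      // style is gone
console.log(modelSanitize(leadingStyle, { forceBody: true })); // style is kept
console.log(modelSanitize('text' + leadingStyle));             // style is kept
```

In a browser, the same split can be observed by parsing the string with `DOMParser` and comparing `document.head` with `document.body`.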