cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: https://cure53.de/purify

fix: added __removalCount to account for nodes removed from parents w… #941

Closed icesfont closed 7 months ago

icesfont commented 7 months ago

…hen calculating depth

test: added more nesting-based mXSS tests and clobbering tests for __removalCount

Summary

Fixes issues with tags absent from FORBID_CONTENTS not increasing the depth.