cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify

The MAX_NESTING_DEPTH remove contents issue has not been resolved. #966

Closed kakao-bishop-cho closed 1 month ago

kakao-bishop-cho commented 1 month ago

This issue proposes a [bug, feature] which...

Background & Context

MAX_NESTING_DEPTH remove contents issue

Hello!

Unfortunately, the issue has not been resolved.

I am attaching a raw HTML file for you to test. sample.txt

There are not many, but some users are experiencing an issue where their content is not being displayed.

I know you must be busy, but could you please check this?

Bug

Input

Given output

Expected output

cure53 commented 1 month ago

This cannot really be related to the MAX_NESTING_DEPTH as the depth counter logic has been unimplemented completely.

Can you maybe narrow down what gets removed, what your config looks like, etc? Currently we have no chance to debug this because it's not clear what the expected HTML would look like, what is missing etc.

kakao-bishop-cho commented 1 month ago

@cure53

I'm sorry. 😢 Upon rechecking, it turns out we were using version 3.1.4.

During the rollup build process, it seemed like the issue wasn't resolved because the 3.1.4 version from the node_modules cache was continuously being used.

It appears to be working fine now.

Thank you!

cure53 commented 1 month ago

Ah, cool 😄