Skip to content

Commit

Permalink
fix: Fixed a possible config-specific bypass via "is" attributes, tha…
Browse files Browse the repository at this point in the history
…nks @Yaniv-git
  • Loading branch information
cure53 committed Nov 29, 2024
1 parent cea034c commit e7d44d2
Show file tree
Hide file tree
Showing 5 changed files with 9 additions and 9 deletions.
4 changes: 2 additions & 2 deletions dist/purify.cjs.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions dist/purify.es.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -777,8 +777,8 @@ function createDOMPurify() {
});
}
element.removeAttribute(name);
// We void attribute values for unremovable "is"" attributes
if (name === 'is' && !ALLOWED_ATTR[name]) {
// We void attribute values for unremovable "is" attributes
if (name === 'is') {
if (RETURN_DOM || RETURN_DOM_FRAGMENT) {
try {
_forceRemove(element);
Expand Down
4 changes: 2 additions & 2 deletions dist/purify.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit e7d44d2

Please sign in to comment.