diff --git a/lib/parser.js b/lib/parser.js
index 0caa24fb..787c304a 100644
--- a/lib/parser.js
+++ b/lib/parser.js
@@ -55,7 +55,7 @@ function parseTag(html, onTag, escapeHtml) {
 var currentTagName = "";
 var currentHtml = "";
- for (currentPos = 0; currentPos < len; currentPos++) {
+ chariterator: for (currentPos = 0; currentPos < len; currentPos++) {
 var c = html.charAt(currentPos);
 if (tagStart === false) {
 if (c === "<") {
@@ -85,9 +85,17 @@ function parseTag(html, onTag, escapeHtml) {
 tagStart = false;
 continue;
 }
- if ((c === '"' || c === "'") && html.charAt(currentPos - 1) === "=") {
- quoteStart = c;
- continue;
+ if ((c === '"' || c === "'")) {
+ var i = 1;
+ var ic = html.charAt(currentPos - i);
+
+ while ((ic === " ") || (ic === "=")) {
+ if (ic === "=") {
+ quoteStart = c;
+ continue chariterator;
+ }
+ ic = html.charAt(currentPos - ++i);
+ }
 }
 } else {
 if (c === quoteStart) {
diff --git a/test/test_custom_method.js b/test/test_custom_method.js
index 0be06095..d92cfeab 100644
--- a/test/test_custom_method.js
+++ b/test/test_custom_method.js
@@ -359,4 +359,19 @@ describe("test custom XSS method", function() {
 '
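Review bot: The backward scan in the new `while ((ic === " ") || (ic === "="))` loop recognises only U+0020 between `=` and the opening quote, so an attribute written as `href=\t"..."` or with a newline before the quote still takes the old unquoted path this hunk is closing, while HTML tokenizers accept tab, LF, FF and CR there as well; `while (ic === "=" || ic === " " || ic === "\t" || ic === "\n" || ic === "\r" || ic === "\f") {` would cover the same set. The labeled `continue chariterator` is unusual enough in this file to deserve a why-comment, e.g. `// "=" found before the quote (possibly across whitespace): this quote opens the attribute value` above `quoteStart = c;`. I can't see parseAttr from here; if it tokenizes attribute values with a different whitespace set, the two should agree, or the quoted and unquoted views of the same tag can still diverge. parseTag's body starts and ends outside both hunks.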
hello
' ); }); + + it("#onTag - sanitize html parameter", function() { + var source = '">'; + var i = 0; + var html = xss(source, { + onTag: function(_, E, S) { + if (S.isWhite && "a" === _) { + if (S.isClosing) return ""; + return "".concat(E, ''); + } + } + }); + debug(html); + assert.equal(html, '<script>alert(2)</script>">'); + }); });