From dfed838437fa1f3fee52288eeed38c55a6d84d1f Mon Sep 17 00:00:00 2001
From: jackfromeast <thisiszhengyu@gmail.com>
Date: Mon, 16 Sep 2024 11:42:53 -0400
Subject: [PATCH] fix: avoid DOM Clobbering gadget in
 `getRelativeUrlFromDocument` (#18115)

---
 packages/vite/src/node/build.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/vite/src/node/build.ts b/packages/vite/src/node/build.ts
index 7dce3ee073689f..8cd93f695f48ef 100644
--- a/packages/vite/src/node/build.ts
+++ b/packages/vite/src/node/build.ts
@@ -1133,7 +1133,7 @@ const getRelativeUrlFromDocument = (relativePath: string, umd = false) =>
   getResolveUrl(
     `'${escapeId(partialEncodeURIPath(relativePath))}', ${
       umd ? `typeof document === 'undefined' ? location.href : ` : ''
-    }document.currentScript && document.currentScript.src || document.baseURI`,
+    }document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`,
   )
 
 const getFileUrlFromFullPath = (path: string) =>