Skip to content

Commit e7d44d2

Browse files
cure53cure53
committed
fix: Fixed a possible config-specific bypass via "is" attributes, thanks @Yaniv-git 
1 parent cea034c commit e7d44d2

File tree

5 files changed

+9
-9
lines changed

5 files changed

+9
-9
lines changed

dist/purify.cjs.js

+2-2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/purify.es.mjs

+2-2
Original file line numberDiff line numberDiff line change
@@ -777,8 +777,8 @@ function createDOMPurify() {
777777
});
778778
}
779779
element.removeAttribute(name);
780-
// We void attribute values for unremovable "is"" attributes
781-
if (name === 'is' && !ALLOWED_ATTR[name]) {
780+
// We void attribute values for unremovable "is" attributes
781+
if (name === 'is') {
782782
if (RETURN_DOM || RETURN_DOM_FRAGMENT) {
783783
try {
784784
_forceRemove(element);

dist/purify.js

+2-2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)