Commit 05aefb4

See #548
Fixed an issue with reacting to prohibited data attributes
1 parent 16d8eed commit 05aefb4

9 files changed

+13
-9
lines changed

dist/purify.cjs.js

Lines changed: 1 addition & 1 deletion

dist/purify.cjs.js.map

Lines changed: 1 addition & 1 deletion

dist/purify.es.js

Lines changed: 1 addition & 1 deletion

dist/purify.es.js.map

Lines changed: 1 addition & 1 deletion

dist/purify.js

Lines changed: 1 addition & 1 deletion

dist/purify.js.map

Lines changed: 1 addition & 1 deletion

dist/purify.min.js

Lines changed: 1 addition & 1 deletion

dist/purify.min.js.map

Lines changed: 1 addition & 1 deletion

src/purify.js

Lines changed: 5 additions & 1 deletion
@@ -914,7 +914,11 @@ function createDOMPurify(window = getGlobal()) {
914914
(https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)
915915
XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)
916916
We don't need to check the value; it's always URI safe. */
917-
if (ALLOW_DATA_ATTR && regExpTest(DATA_ATTR, lcName)) {
917+
if (
918+
ALLOW_DATA_ATTR &&
919+
!FORBID_ATTR[lcName] &&
920+
regExpTest(DATA_ATTR, lcName)
921+
) {
918922
// This attribute is safe
919923
} else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR, lcName)) {
920924
// This attribute is safe
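
Review bot: The `else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR, lcName))` branch in the trailing context still has no `!FORBID_ATTR[lcName]` guard, so as far as these lines show, an `aria-*` name listed in `FORBID_ATTR` would be accepted in the same way a forbidden `data-*` name was before this change. Consider adding the same guard to that branch, or hoisting the `FORBID_ATTR[lcName]` check above both pattern-based branches so it cannot be missed when another pattern is added. Separately, the nine changed files are the eight `dist/` builds plus `src/purify.js`, so no regression test accompanies the fix; a test that lists a `data-*` name in `FORBID_ATTR` while `ALLOW_DATA_ATTR` stays enabled, and asserts the attribute is removed, would pin the behaviour.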
