From c90262e619a9bac86c6ea6b1c57262a87541ba72 Mon Sep 17 00:00:00 2001
From: Misko Hevery
Date: Thu, 20 Aug 2020 08:56:01 -0700
Subject: [PATCH] Revert "Revert "fix(core): remove closing body tag from inert DOM builder (#38454)""

This reverts commit 87bbf69ce8f673c022b6db55be232ecdf2cb343a.
---
 packages/core/src/sanitization/inert_body.ts | 5 +++--
 .../test/sanitization/html_sanitizer_spec.ts | 21 +++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/packages/core/src/sanitization/inert_body.ts b/packages/core/src/sanitization/inert_body.ts
index 62c6598df8..0d7173f01a 100644
--- a/packages/core/src/sanitization/inert_body.ts
+++ b/packages/core/src/sanitization/inert_body.ts
@@ -32,8 +32,9 @@ class DOMParserHelper implements InertBodyHelper {
 getInertBodyElement(html: string): HTMLElement|null {
 // We add these extra elements to ensure that the rest of the content is parsed as expected
 // e.g. leading whitespace is maintained and tags like `` do not get hoisted to the
- // `` tag.
- html = '' + html + '';
+ // `` tag. Note that the `` tag is closed implicitly to prevent unclosed tags
+ // in `html` from consuming the otherwise explicit `` tag.
+ html = '' + html;
 try {
 const body = new (window as any).DOMParser().parseFromString(html, 'text/html').body as HTMLBodyElement;
diff --git a/packages/core/test/sanitization/html_sanitizer_spec.ts b/packages/core/test/sanitization/html_sanitizer_spec.ts
index dc83ca31f5..d577ce2c4d 100644
--- a/packages/core/test/sanitization/html_sanitizer_spec.ts
+++ b/packages/core/test/sanitization/html_sanitizer_spec.ts
@@ -173,6 +173,27 @@ import {isDOMParserAvailable} from '../../src/sanitization/inert_body';
 expect(logMsgs.join('\n')).toMatch(/sanitizing HTML stripped some content/);
 });
+ it('should strip unclosed iframe tag', () => {
+ expect(_sanitizeHtml(defaultDoc, '
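Review bot: Only `DOMParserHelper.getInertBodyElement` in inert_body.ts (first hunk) stops appending the explicit closing tag, and nothing in this patch shows whether any other `InertBodyHelper` implementation builds its wrapper the same way. The spec imports `isDOMParserAvailable`, which suggests a fallback path for environments without DOMParser; if that path still closes the wrapper explicitly, unclosed markup would be sanitized differently depending on which helper is selected. Worth confirming, and recording next to the assignment with a comment such as `// Keep in sync with any other InertBodyHelper implementation: no explicit closing tag after html.`. The body of `getInertBodyElement` continues past the end of the hunk, so how the parsed `body` is handled afterwards is not visible here.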