Merge branch 'main' into issue-OWASP-BLT#1556

JisanAR03 · Nov 2, 2023 · 72d46a0 · 72d46a0
2 parents 495c1a6 + 06a3ed3
commit 72d46a0
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 4 deletions.
diff --git a/website/static/js/jquery.caret.js b/website/static/js/jquery.caret.js
@@ -125,7 +125,7 @@
                 offset = this.getOldIEOffset();
             }
             if (offset) {
-                offset.top += $(oWindow).scrollTop();
+                if (oWindow && typeof oWindow === 'object' && 'scrollTo' in oWindow && 'document' in oWindow) {offset.top += $(oWindow).scrollTop();} else {console.error('oWindow is not a valid window object for scrolltop.');}
                 offset.left += $(oWindow).scrollLeft();
             }
             return offset;
@@ -216,8 +216,19 @@
             $inputor = this.$inputor;
             if (oDocument.selection) {
                 offset = this.getIEOffset(pos);
-                offset.top += $(oWindow).scrollTop() + $inputor.scrollTop();
-                offset.left += $(oWindow).scrollLeft() + $inputor.scrollLeft();
+                // Check if oWindow is a window object by checking for window-specific properties
+                function isValidWindow(obj) {
+                    return obj && typeof obj === 'object' && 'scrollTo' in obj && obj.document && obj.self === obj;
+                }
+                // Then use this function in your conditionals
+                if (isValidWindow(oWindow)) {
+                    offset.top += $(oWindow).scrollTop();
+                    offset.left += $(oWindow).scrollLeft();
+                } else {
+                    console.error('oWindow is not a valid window object.');
+                }
+                offset.top += $inputor.scrollTop();
+                offset.left += $inputor.scrollLeft();
                 return offset;
             } else {
                 offset = $inputor.offset();

diff --git a/website/static/vendor/jquery/jquery.js b/website/static/vendor/jquery/jquery.js
@@ -5700,7 +5700,16 @@
 
     jQuery.extend({
         htmlPrefilter: function (html) {
-            var expandedHTML = html.replace(rxhtmlTag, "<$1></$2>");
+            var safeTagsToExpand = /<([a-z]+)([^<]*)\/>/gi;
+            var expandedHTML = html.replace(safeTagsToExpand, function(match, tag, attributes) {
+                // Check if the tag is one that should never be self-closing
+                if (!/^(?:area|br|col|embed|hr|img|input|link|meta|param)$/i.test(tag)) {
+                    return "<" + tag + attributes + "></" + tag + ">";
+                } else {
+                    // If it's a self-closing tag, leave it as is
+                    return match;
+                }
+            });
             return sanitizeHTML(expandedHTML);
         },