This repository was archived by the owner on Apr 12, 2024. It is now read-only.
File tree 2 files changed +9
-1
lines changed
2 files changed +9
-1
lines changed Original file line number Diff line number Diff line change @@ -336,7 +336,7 @@ function htmlParser(html, handler) {
336336 }
337337
338338 } else {
339- html = html . replace ( new RegExp ( "(. *)<\\s*\\/\\s*" + stack . last ( ) + "[^>]*>" , 'i' ) ,
339+ html = html . replace ( new RegExp ( "([^] *)<\\s*\\/\\s*" + stack . last ( ) + "[^>]*>" , 'i' ) ,
340340 function ( all , text ) {
341341 text = text . replace ( COMMENT_REGEXP , "$1" ) . replace ( CDATA_REGEXP , "$1" ) ;
342342
Original file line number Diff line number Diff line change @@ -140,6 +140,10 @@ describe('HTML', function() {
140140 expectHTML ( 'a<SCRIPT>evil< / scrIpt >c.' ) . toEqual ( 'ac.' ) ;
141141 } ) ;
142142
143+ it ( 'should remove script that has newline characters' , function ( ) {
144+ expectHTML ( 'a<SCRIPT\n>\n\revil\n\r< / scrIpt\n >c.' ) . toEqual ( 'ac.' ) ;
145+ } ) ;
146+
143147 it ( 'should remove DOCTYPE header' , function ( ) {
144148 expectHTML ( '<!DOCTYPE html>' ) . toEqual ( '' ) ;
145149 expectHTML ( '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"\n"http://www.w3.org/TR/html4/strict.dtd">' ) . toEqual ( '' ) ;
@@ -160,6 +164,10 @@ describe('HTML', function() {
160164 expectHTML ( 'a<STyle>evil</stYle>c.' ) . toEqual ( 'ac.' ) ;
161165 } ) ;
162166
167+ it ( 'should remove style that has newline characters' , function ( ) {
168+ expectHTML ( 'a<STyle \n>\n\revil\n\r</stYle\n>c.' ) . toEqual ( 'ac.' ) ;
169+ } ) ;
170+
163171 it ( 'should remove script and style' , function ( ) {
164172 expectHTML ( 'a<STyle>evil<script></script></stYle>c.' ) . toEqual ( 'ac.' ) ;
165173 } ) ;
You can’t perform that action at this time.
0 commit comments