Skip to content

Commit c7658d9

Browse files
paolodmpetebacondarwin
paolodm
authored and
petebacondarwin
committed
fix($sanitize): sanitize DOCTYPE declarations correctly
HTML to be sanitized that contains a DOCTYPE declaration were causing the HTML parser to throw an error. Now the parser correctly removes the declarations when sanitizing HTML. Closes angular#3931
1 parent b92c650 commit c7658d9

File tree

2 files changed

+17
-1
lines changed

2 files changed

+17
-1
lines changed

src/ngSanitize/sanitize.js

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -141,6 +141,7 @@ var START_TAG_REGEXP = /^<\s*([\w:-]+)((?:\s+[\w:-]+(?:\s*=\s*(?:(?:"[^"]*")|(?:
141141
BEGIN_TAG_REGEXP = /^</,
142142
BEGING_END_TAGE_REGEXP = /^<\s*\//,
143143
COMMENT_REGEXP = /<!--(.*?)-->/g,
144+
DOCTYPE_REGEXP = /<!DOCTYPE([^>]*?)>/i,
144145
CDATA_REGEXP = /<!\[CDATA\[(.*?)]]>/g,
145146
URI_REGEXP = /^((ftp|https?):\/\/|mailto:|#)/i,
146147
NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g; // Match everything outside of normal chars and " (quote character)
@@ -223,7 +224,14 @@ function htmlParser( html, handler ) {
223224
html = html.substring( index + 3 );
224225
chars = false;
225226
}
227+
// DOCTYPE
228+
} else if ( DOCTYPE_REGEXP.test(html) ) {
229+
match = html.match( DOCTYPE_REGEXP );
226230

231+
if ( match ) {
232+
html = html.replace( match[0] , '');
233+
chars = false;
234+
}
227235
// end tag
228236
} else if ( BEGING_END_TAGE_REGEXP.test(html) ) {
229237
match = html.match( END_TAG_REGEXP );

test/ngSanitize/sanitizeSpec.js

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ describe('HTML', function() {
2424
attrs: attrs,
2525
unary: unary
2626
};
27-
// Since different browsers handle newlines differenttly we trim
27+
// Since different browsers handle newlines differently we trim
2828
// so that it is easier to write tests.
2929
angular.forEach(attrs, function(value, key) {
3030
attrs[key] = value.replace(/^\s*/, '').replace(/\s*$/, '')
@@ -80,6 +80,13 @@ describe('HTML', function() {
8080
expectHTML('a<SCRIPT>evil< / scrIpt >c.').toEqual('ac.');
8181
});
8282

83+
it('should remove DOCTYPE header', function() {
84+
expectHTML('<!DOCTYPE html>').toEqual('');
85+
expectHTML('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"\n"http://www.w3.org/TR/html4/strict.dtd">').toEqual('');
86+
expectHTML('a<!DOCTYPE html>c.').toEqual('ac.');
87+
expectHTML('a<!DocTyPe html>c.').toEqual('ac.');
88+
});
89+
8390
it('should remove nested script', function() {
8491
expectHTML('a< SCRIPT >A< SCRIPT >evil< / scrIpt >B< / scrIpt >c.').toEqual('ac.');
8592
});
@@ -286,5 +293,6 @@ describe('HTML', function() {
286293
});
287294
});
288295

296+
289297
});
290298
});

0 commit comments

Comments
 (0)