10 matches found
SUSE CVE-2026-41240
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...
CVE-2026-41240
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...
CVE-2026-41240 DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...
CVE-2026-41240
Summary of technical details (CVE-2026-41240) : DOMPurify prior to 3.4.0 has an inconsistency between FORBID_TAGS and FORBID_ATTR when function-based ADD_TAGS is used. The fix added an early exit for FORBID_ATTR but the FORBID_TAGS path remained unpatched, causing short-circuiting that allows for...
GHSA-H7MW-GPVR-XQ4M DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
There is an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214: / FORBIDATTR must always win, even if ADDATTR predicate would allow it / if FORBIDATTRlcName return false; The same fix was not...
PT-2026-34604
Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 3.4.0 Description An inconsistency exists between the handling of FORBID TAGS and FORBID ATTR when a function-based ADD TAGS configuration is used. Specifically, when the EXTRA ELEMENT HANDLING.tagCheck function...
GHSA-39Q2-94RC-95CP DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation
Summary In src/purify.ts:1117-1123, ADDTAGS as a function via EXTRAELEMENTHANDLING.tagCheck bypasses FORBIDTAGS due to short-circuit evaluation. The condition: !tagChecktagName && !ALLOWEDTAGStagName || FORBIDTAGStagName When tagChecktagName returns true, the entire condition is false and the...
Operator Precedence Logic Error
Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Operator Precedence Logic Error in the form of short-circuit evaluation that gives precedence to ADDTAGS over FORBIDTAGS in sanitizeElements. In an...
Operator Precedence Logic Error
Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Operator Precedence Logic Error in the form of short-circuit evaluation that gives precedence to ADDTAGS over FORBIDTAGS in sanitizeElements. In an application where ADDTAG...
DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation
Summary In src/purify.ts:1117-1123, ADDTAGS as a function via EXTRAELEMENTHANDLING.tagCheck bypasses FORBIDTAGS due to short-circuit evaluation. The condition: !tagChecktagName && !ALLOWEDTAGStagName || FORBIDTAGStagName When tagChecktagName returns true, the entire condition is false and the...