DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOMPurify.sanitize()` with the default configuration (no `CUSTOM_ELEMENT_HANDLING` option), a prior prototype pollution gadget can inject permissive `tagNameCheck` and `attributeNameCheck` regex values into `Object.prototype`, causing DOMPurify to allow arbitrary custom elements with arbitrary attributes — including event handlers — through sanitization. Version 3.4.0 fixes the issue.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

DOMPurify 跨站脚本漏洞

DOMPurify是Cure53个人开发者的一款使用JavaScript编写的，用于HTML、MathML和SVG的DOM（文档对象模型）。 DOMPurify 3.0.1版本至3.3.3版本存在跨站脚本漏洞，该漏洞源于基于原型污染的XSS绕过，允许任意自定义元素和属性通过清理。

N/A

N/A