diff options
Diffstat (limited to 'src/core.js')
| -rw-r--r-- | src/core.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/core.js b/src/core.js index 14a653916..1bf7e5603 100644 --- a/src/core.js +++ b/src/core.js @@ -40,8 +40,9 @@ var trimRight = /\s+$/, // A simple way to check for HTML strings - // If starts-with '<' - rhtmlString = /^\s*(<[\w\W]+>)[^>]*$/, + // Prioritize #id over <tag> to avoid XSS via location.hash (#9521) + // Ignore html if within quotes "" '' or brackets/parens [] () + rhtmlString = /^(?:[^#<\\]*(<[\w\W]+>)(?![^\[]*\])(?![^\(]*\))(?![^']*')(?![^"]*")[^>]*$)/, // Match a standalone tag rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>)?$/, |