keycloakify 11.9.15 → 11.9.16

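--- a/package/README.md
+++ b/package/README.md
@@ -133,6 +133,9 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
  <td align="center" valign="top" width="14.28%"><a href="http://www.linkedin.com/in/antonioacg/"><img src="https://avatars.githubusercontent.com/u/8991621?v=4?s=100" width="100px;" alt="Antonio Casagrande"/><br /><sub><b>Antonio Casagrande</b></sub></a><br /><a href="https://github.com/keycloakify/keycloakify/commits?author=antonioacg" title="Code">💻</a></td>
  <td align="center" valign="top" width="14.28%"><a href="https://github.com/emouty"><img src="https://avatars.githubusercontent.com/u/16755668?v=4?s=100" width="100px;" alt="emouty"/><br /><sub><b>emouty</b></sub></a><br /><a href="https://github.com/keycloakify/keycloakify/commits?author=emouty" title="Code">💻</a></td>
  </tr>
+ <tr>
+ <td align="center" valign="top" width="14.28%"><a href="https://github.com/rgrosjean"><img src="https://avatars.githubusercontent.com/u/39985706?v=4?s=100" width="100px;" alt="rgrosjean"/><br /><sub><b>rgrosjean</b></sub></a><br /><a href="https://github.com/keycloakify/keycloakify/commits?author=rgrosjean" title="Code">💻</a> <a href="https://github.com/keycloakify/keycloakify/commits?author=rgrosjean" title="Tests">⚠️</a></td>
+ </tr>
  </tbody>
  </table>
 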
@@ -16,7 +16,7 @@ export class HtmlPolicyBuilder {
16
16
  this.DOMPurify = (_a = dependencyInjections.DOMPurify) !== null && _a !== void 0 ? _a : DOMPurify;
17
17
  }
18
18
  allowWithoutAttributes(tag) {
19
- this.tagsAllowedWithNoAttribute.add(tag);
19
+ this.tagsAllowedWithNoAttribute.add(tag.toLowerCase());
20
20
  return this;
21
21
  }
22
22
  // Adds the attributes for validation
@@ -159,7 +159,11 @@ export class HtmlPolicyBuilder {
159
159
  // if tag is not allowed to have no attribute then remove it completely
160
160
  if (currentNode.attributes.length == 0 &&
161
161
  currentNode.childNodes.length == 0) {
162
- if (!this.tagsAllowedWithNoAttribute.has(currentNode.tagName)) {
162
+ const tag = currentNode.tagName.toLowerCase();
163
+ if (
164
+ // see OWASP Java HTML Sanitizer documentation > Custom Policies
165
+ ["a", "font", "img", "input", "span"].includes(tag) &&
166
+ !this.tagsAllowedWithNoAttribute.has(tag)) {
163
167
  currentNode.remove();
164
168
  }
165
169
  }
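Review bot: The new condition narrows what `allowWithoutAttributes` controls without documenting it: an empty, attribute-less element is now removed only when its tag is one of `a`, `font`, `img`, `input` or `span` and was not registered, so registering any other tag has no effect in this branch and every other empty element passes through it untouched. That follows the OWASP Java HTML Sanitizer rule the comment points to, but the five-tag array is an inline literal rebuilt for each node the hook visits; I would hoist it to a module-level `const TAGS_SKIPPED_WITHOUT_ATTRIBUTES = new Set(["a", "font", "img", "input", "span"]);`, test it with `.has(tag)`, and state the OWASP reference and the "any other tag is kept" rule in a comment on that constant. Since this is sanitizer policy, regression tests are worth having for the cases the change touches, if the repository's suite does not already cover them: a mixed-case registration such as `allowWithoutAttributes("SPAN")`, an unregistered empty `<span>` being removed, and an empty element outside the list surviving. The same lines appear in the TypeScript source hunk (`src/lib/kcSanitize/HtmlPolicyBuilder.ts`, `@@ -195,7 +195,12 @@`), and the enclosing hook callback starts and ends outside both hunks.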
@@ -1 +1 @@
1
- {"version":3,"file":"HtmlPolicyBuilder.js","sourceRoot":"","sources":["../../src/lib/kcSanitize/HtmlPolicyBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAY/D,sDAAsD;AACtD,+JAA+J;AAC/J,wEAAwE;AAExE,MAAM,OAAO,iBAAiB;IAU1B,oBAAoB;IACpB,YACI,oBAEE;;QAbE,4BAAuB,GAAuB,IAAI,GAAG,EAAE,CAAC;QACxD,gBAAW,GAAyB,IAAI,GAAG,EAAE,CAAC;QAC9C,+BAA0B,GAAgB,IAAI,GAAG,EAAE,CAAC;QACpD,qBAAgB,GAAyB,IAAI,CAAC;QAC9C,qBAAgB,GAAY,KAAK,CAAC;QAClC,qBAAgB,GAAgB,IAAI,GAAG,EAAE,CAAC;QAC1C,uBAAkB,GAAY,KAAK,CAAC;QASxC,IAAI,CAAC,SAAS,GAAG,MAAA,oBAAoB,CAAC,SAAS,mCAAI,SAAS,CAAC;IACjE,CAAC;IAED,sBAAsB,CAAC,GAAW;QAC9B,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,qCAAqC;IACrC,eAAe,CAAC,GAAG,IAAc;QAC7B,IAAI,IAAI,CAAC,MAAM,EAAE;YACb,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACrB,IAAI,CAAC,gBAAgB,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,mCAAmC;SAC9E;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,iDAAiD;IACjD,QAAQ,CAAC,eAAsD;QAC3D,IAAI,IAAI,CAAC,gBAAgB,EAAE;YACvB,IAAI,eAAe,YAAY,MAAM,EAAE;gBACnC,IAAI,CAAC,gBAAgB,CAAC,UAAU,GAAG,eAAe,CAAC;aACtD;iBAAM;gBACH,IAAI,CAAC,gBAAgB,CAAC,aAAa,GAAG,eAAe,CAAC;aACzD;SACJ;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,sCAAsC;IACtC,QAAQ;QACJ,IAAI,IAAI,CAAC,gBAAgB,EAAE;YACvB,IAAI,CAAC,gBAAgB,CAAC,UAAU,GAAG,IAAI,CAAC;YACxC,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACxD,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC,iCAAiC;SAClE;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,yBAAyB;IACzB,YAAY;QACR,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC7B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,mCAAmC;IACnC,UAAU,CAAC,GAAG,IAAc;QACxB,IAAI,IAAI,CAAC,gBAAgB,EAAE;YACvB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;gBACf,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;oBACzC,IAAI,EAAE,GAAG;oBACT,UAAU,EAAE,EAAE;iBACjB,CAAC;gBACF,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAiB,CAAC,CAAC;gBAChD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC,mCAAmC;SACpE;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,4BAA4B;IAC5B,
aAAa,CAAC,GAAG,IAAc;QAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;YACf,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBAC5B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;aAC5D;QACL,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,+BAA+B;IAC/B,yBAAyB;QACrB,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;QAC/B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,sEAAsE;IACtE,yBAAyB;QACrB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,IAAY;QACd,+EAA+E;QAC/E,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC7B,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC;QAChC,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE;YACjC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACjD,YAAY,EAAE,IAAI,CAAC,oBAAoB,EAAE;YACzC,kBAAkB,EAAE,IAAI,CAAC,mBAAmB,EAAE;YAC9C,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;YAChD,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;SACnD,CAAC,CAAC;IACP,CAAC;IAEO,UAAU;QACd,sFAAsF;QACtF,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,uBAAuB,EAAE,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE;;YACvE,IAAI,CAAC,SAAS;gBAAE,OAAO;YAEvB,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAClD,MAAM,iBAAiB,GAAG,CAAA,MAAA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,0CAAE,UAAU,KAAI,EAAE,CAAC;YAE1E,6CAA6C;YAC7C,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;gBAC7C,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;YAEH,2CAA2C;YAC3C,IAAI,IAAI,CAAC,gBAAgB,EAAE;gBACvB,IAAI,cAAc,GAAkB,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;gBACxE,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;aAC1C;YAED,oCAAoC;YACpC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,QAAQ,CAAC,EAAE;gBACnE,SAAS,CAAC,aAAa,GAAG,KAAK,CAAC;gBAChC,SAAS,CAAC,QAAQ,GAAG,KAAK,CAAC;gBAC3B,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;gBAChD,OAAO;aACV;iBAAM;gBACH,MAAM,aAAa,GAAG,
iBAAiB,CAAC,IAAI,CACxC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,QAAQ,CAC3C,CAAC;gBACF,IAAI,aAAa,EAAE;oBACf,qCAAqC;oBACrC,IACI,aAAa,CAAC,UAAU;wBACxB,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EACrD;wBACE,SAAS,CAAC,aAAa,GAAG,KAAK,CAAC;wBAChC,SAAS,CAAC,QAAQ,GAAG,KAAK,CAAC;wBAC3B,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;wBAChD,OAAO;qBACV;oBACD,IACI,aAAa,CAAC,aAAa;wBAC3B,CAAC,aAAa,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,EACnD;wBACE,SAAS,CAAC,aAAa,GAAG,KAAK,CAAC;wBAChC,SAAS,CAAC,QAAQ,GAAG,KAAK,CAAC;wBAC3B,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;wBAChD,OAAO;qBACV;iBACJ;aACJ;YACD,gEAAgE;YAChE,kEAAkE;YAClE,2CAA2C;YAC3C,IAAI,SAAS,CAAC,QAAQ,KAAK,MAAM,EAAE;gBAC/B,SAAS,CAAC,QAAQ,GAAG,IAAI,CAAC;gBAC1B,SAAS,CAAC,aAAa,GAAG,IAAI,CAAC;aAClC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,yBAAyB,EAAE,WAAW,CAAC,EAAE;;YAC5D,uEAAuE;YACvE,IACI,WAAW,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC;gBAClC,WAAW,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,EACpC;gBACE,IAAI,CAAC,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE;oBAC3D,WAAW,CAAC,MAAM,EAAE,CAAC;iBACxB;aACJ;iBAAM;gBACH,gGAAgG;gBAChG,IAAI,WAAW,CAAC,OAAO,KAAK,GAAG,IAAI,WAAW,CAAC,OAAO,KAAK,KAAK,EAAE;oBAC9D,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;wBACpC,yCAAyC;wBACzC,OAAO,WAAW,CAAC,UAAU,EAAE;4BAC3B,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,UAAU,0CAAE,YAAY,CACjC,WAAW,CAAC,UAAU,EACtB,WAAW,CACd,CAAC;yBACL;wBACD,gCAAgC;wBAChC,WAAW,CAAC,MAAM,EAAE,CAAC;qBACxB;iBACJ;gBACD,EAAE;gBACF,IAAI,WAAW,CAAC,OAAO,KAAK,GAAG,EAAE;oBAC7B,IAAI,IAAI,CAAC,kBAAkB,EAAE;wBACzB,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE;4BAClC,WAAW,CAAC,YAAY,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;yBAC/C;6BAAM,IACH,CAAC,CAAA,MAAA,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,0CAAE,QAAQ,CAAC,UAAU,CAAC,CAAA,EACxD;4BACE,WAAW,CAAC,YAAY,CACpB,KAAK,EACL,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,WAAW,CAChD,CAAC;yBACL;qBACJ;iBACJ;aACJ;QACL,CAAC,CAAC,CAAC;IACP,CAAC;IAEO,oBAAoB;QACxB,MAAM,iBAAiB,GAAgB,IAAI,GAAG,EAAE,CAAC;QACjD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CA
AC,EAAE;gBACnC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;YAC7C,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QACH,OAAO,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACzC,CAAC;IAEO,mBAAmB;QACvB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9D,OAAO,IAAI,MAAM,CAAC,OAAO,SAAS,MAAM,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;CACJ"}
1
+ {"version":3,"file":"HtmlPolicyBuilder.js","sourceRoot":"","sources":["../../src/lib/kcSanitize/HtmlPolicyBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAY/D,sDAAsD;AACtD,+JAA+J;AAC/J,wEAAwE;AAExE,MAAM,OAAO,iBAAiB;IAU1B,oBAAoB;IACpB,YACI,oBAEE;;QAbE,4BAAuB,GAAuB,IAAI,GAAG,EAAE,CAAC;QACxD,gBAAW,GAAyB,IAAI,GAAG,EAAE,CAAC;QAC9C,+BAA0B,GAAgB,IAAI,GAAG,EAAE,CAAC;QACpD,qBAAgB,GAAyB,IAAI,CAAC;QAC9C,qBAAgB,GAAY,KAAK,CAAC;QAClC,qBAAgB,GAAgB,IAAI,GAAG,EAAE,CAAC;QAC1C,uBAAkB,GAAY,KAAK,CAAC;QASxC,IAAI,CAAC,SAAS,GAAG,MAAA,oBAAoB,CAAC,SAAS,mCAAI,SAAS,CAAC;IACjE,CAAC;IAED,sBAAsB,CAAC,GAAW;QAC9B,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,qCAAqC;IACrC,eAAe,CAAC,GAAG,IAAc;QAC7B,IAAI,IAAI,CAAC,MAAM,EAAE;YACb,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACrB,IAAI,CAAC,gBAAgB,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,mCAAmC;SAC9E;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,iDAAiD;IACjD,QAAQ,CAAC,eAAsD;QAC3D,IAAI,IAAI,CAAC,gBAAgB,EAAE;YACvB,IAAI,eAAe,YAAY,MAAM,EAAE;gBACnC,IAAI,CAAC,gBAAgB,CAAC,UAAU,GAAG,eAAe,CAAC;aACtD;iBAAM;gBACH,IAAI,CAAC,gBAAgB,CAAC,aAAa,GAAG,eAAe,CAAC;aACzD;SACJ;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,sCAAsC;IACtC,QAAQ;QACJ,IAAI,IAAI,CAAC,gBAAgB,EAAE;YACvB,IAAI,CAAC,gBAAgB,CAAC,UAAU,GAAG,IAAI,CAAC;YACxC,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACxD,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC,iCAAiC;SAClE;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,yBAAyB;IACzB,YAAY;QACR,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC7B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,mCAAmC;IACnC,UAAU,CAAC,GAAG,IAAc;QACxB,IAAI,IAAI,CAAC,gBAAgB,EAAE;YACvB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;gBACf,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;oBACzC,IAAI,EAAE,GAAG;oBACT,UAAU,EAAE,EAAE;iBACjB,CAAC;gBACF,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAiB,CAAC,CAAC;gBAChD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC,mCAAmC;SACpE;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAE
D,4BAA4B;IAC5B,aAAa,CAAC,GAAG,IAAc;QAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;YACf,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBAC5B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;aAC5D;QACL,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,+BAA+B;IAC/B,yBAAyB;QACrB,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;QAC/B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,sEAAsE;IACtE,yBAAyB;QACrB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,IAAY;QACd,+EAA+E;QAC/E,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC7B,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC;QAChC,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE;YACjC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACjD,YAAY,EAAE,IAAI,CAAC,oBAAoB,EAAE;YACzC,kBAAkB,EAAE,IAAI,CAAC,mBAAmB,EAAE;YAC9C,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;YAChD,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;SACnD,CAAC,CAAC;IACP,CAAC;IAEO,UAAU;QACd,sFAAsF;QACtF,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,uBAAuB,EAAE,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE;;YACvE,IAAI,CAAC,SAAS;gBAAE,OAAO;YAEvB,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAClD,MAAM,iBAAiB,GAAG,CAAA,MAAA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,0CAAE,UAAU,KAAI,EAAE,CAAC;YAE1E,6CAA6C;YAC7C,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;gBAC7C,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;YAEH,2CAA2C;YAC3C,IAAI,IAAI,CAAC,gBAAgB,EAAE;gBACvB,IAAI,cAAc,GAAkB,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;gBACxE,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;aAC1C;YAED,oCAAoC;YACpC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,QAAQ,CAAC,EAAE;gBACnE,SAAS,CAAC,aAAa,GAAG,KAAK,CAAC;gBAChC,SAAS,CAAC,QAAQ,GAAG,KAAK,CAAC;gBAC3B,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;gBAChD,OAAO;aACV;iBAAM;gBACH,
MAAM,aAAa,GAAG,iBAAiB,CAAC,IAAI,CACxC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,QAAQ,CAC3C,CAAC;gBACF,IAAI,aAAa,EAAE;oBACf,qCAAqC;oBACrC,IACI,aAAa,CAAC,UAAU;wBACxB,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EACrD;wBACE,SAAS,CAAC,aAAa,GAAG,KAAK,CAAC;wBAChC,SAAS,CAAC,QAAQ,GAAG,KAAK,CAAC;wBAC3B,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;wBAChD,OAAO;qBACV;oBACD,IACI,aAAa,CAAC,aAAa;wBAC3B,CAAC,aAAa,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,EACnD;wBACE,SAAS,CAAC,aAAa,GAAG,KAAK,CAAC;wBAChC,SAAS,CAAC,QAAQ,GAAG,KAAK,CAAC;wBAC3B,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;wBAChD,OAAO;qBACV;iBACJ;aACJ;YACD,gEAAgE;YAChE,kEAAkE;YAClE,2CAA2C;YAC3C,IAAI,SAAS,CAAC,QAAQ,KAAK,MAAM,EAAE;gBAC/B,SAAS,CAAC,QAAQ,GAAG,IAAI,CAAC;gBAC1B,SAAS,CAAC,aAAa,GAAG,IAAI,CAAC;aAClC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,yBAAyB,EAAE,WAAW,CAAC,EAAE;;YAC5D,uEAAuE;YACvE,IACI,WAAW,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC;gBAClC,WAAW,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,EACpC;gBACE,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C;gBACI,gEAAgE;gBAChE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;oBACnD,CAAC,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,GAAG,CAAC,EAC3C;oBACE,WAAW,CAAC,MAAM,EAAE,CAAC;iBACxB;aACJ;iBAAM;gBACH,gGAAgG;gBAChG,IAAI,WAAW,CAAC,OAAO,KAAK,GAAG,IAAI,WAAW,CAAC,OAAO,KAAK,KAAK,EAAE;oBAC9D,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;wBACpC,yCAAyC;wBACzC,OAAO,WAAW,CAAC,UAAU,EAAE;4BAC3B,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,UAAU,0CAAE,YAAY,CACjC,WAAW,CAAC,UAAU,EACtB,WAAW,CACd,CAAC;yBACL;wBACD,gCAAgC;wBAChC,WAAW,CAAC,MAAM,EAAE,CAAC;qBACxB;iBACJ;gBACD,EAAE;gBACF,IAAI,WAAW,CAAC,OAAO,KAAK,GAAG,EAAE;oBAC7B,IAAI,IAAI,CAAC,kBAAkB,EAAE;wBACzB,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE;4BAClC,WAAW,CAAC,YAAY,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;yBAC/C;6BAAM,IACH,CAAC,CAAA,MAAA,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,0CAAE,QAAQ,CAAC,UAAU,CAAC,CAAA,EACxD;4BACE,WAAW,CAAC,YAAY,CACpB,KAAK,EACL,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,WAAW,CAChD,CAAC;yBACL;qBACJ;iBACJ;aACJ;QACL,CAAC,CAAC,C
AAC;IACP,CAAC;IAEO,oBAAoB;QACxB,MAAM,iBAAiB,GAAgB,IAAI,GAAG,EAAE,CAAC;QACjD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;gBACnC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;YAC7C,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QACH,OAAO,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACzC,CAAC;IAEO,mBAAmB;QACvB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9D,OAAO,IAAI,MAAM,CAAC,OAAO,SAAS,MAAM,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;CACJ"}
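--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "keycloakify",
- "version": "11.9.15",
+ "version": "11.9.16",
  "description": "Framework to create custom Keycloak UIs",
  "repository": {
  "type": "git",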
@@ -34,7 +34,7 @@ export class HtmlPolicyBuilder {
34
34
  }
35
35
 
36
36
  allowWithoutAttributes(tag: string): this {
37
- this.tagsAllowedWithNoAttribute.add(tag);
37
+ this.tagsAllowedWithNoAttribute.add(tag.toLowerCase());
38
38
  return this;
39
39
  }
40
40
 
@@ -195,7 +195,12 @@ export class HtmlPolicyBuilder {
195
195
  currentNode.attributes.length == 0 &&
196
196
  currentNode.childNodes.length == 0
197
197
  ) {
198
- if (!this.tagsAllowedWithNoAttribute.has(currentNode.tagName)) {
198
+ const tag = currentNode.tagName.toLowerCase();
199
+ if (
200
+ // see OWASP Java HTML Sanitizer documentation > Custom Policies
201
+ ["a", "font", "img", "input", "span"].includes(tag) &&
202
+ !this.tagsAllowedWithNoAttribute.has(tag)
203
+ ) {
199
204
  currentNode.remove();
200
205
  }
201
206
  } else {