Test if a given name might override a property of a DOM Node marked as
[OverrideBuiltins]. To be specific,
if an element qualifies as a named property because of its name or id attribute, the value of that attribute is used to set a property on
HTMLFormElement instances. This property overrides any built-in property, such as
firstChild. For example:
var overridesBuiltin = ;=== true;=== false;=== true;=== false;// returns ['ATTRIBUTE_NODE', 'CDATA_SECTION_NODE', ...var list = overridesBuiltin;var list = overridesBuiltin;
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.
DOMPurify checks for named property clobbering by inspecting the browser it is running in. This is not adequate for some use cases. For example, if you are sanitizing only on the server side (e.g. node.js + jsdom) and sending that content to various browsers, properties or methods that are implemented in browsers but not in jsdom can still be overridden.
For such a use case, this library provides a convenient hook:
var window = defaultView;var DOMPurify = window;var overridesBuiltin = ;// returns '<img id="webkitRequestFullScreen" src="cat.png">'DOMPurify;overridesBuiltin;// returns '<img src="cat.png">'DOMPurify;
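
The gap described above, between probing the local DOM and checking a fixed list of names, shown as an added example that is not DOMPurify's or this library's own code. The name list, the `serverSideForm` stand-in and all function names are constructed for illustration; a real list would cover every built-in member of the target browsers.

```javascript
'use strict';

// Constructed, partial list of built-in member names found on form/document
// objects in browsers. Assumption: a real list is generated from browser data.
const BUILTIN_NAMES = new Set([
  'firstChild', 'attributes', 'submit',
  'ATTRIBUTE_NODE', 'CDATA_SECTION_NODE',
  'webkitRequestFullScreen', // vendor-prefixed, absent from many non-browser DOMs
]);

// Constructed stand-in for a form element in a server-side DOM implementation
// that does not implement the vendor-prefixed method.
const serverSideForm = { firstChild: null, attributes: [], submit() {} };

// Environment probe: only knows the members of the DOM it is running in.
function clobbersByProbe(name, probe) {
  return name in probe;
}

// Static check: gives the same answer regardless of where the sanitizer runs.
function clobbersByList(name) {
  return BUILTIN_NAMES.has(name);
}

// Drop id/name attributes whose value would shadow a built-in member.
// `attrs` is a plain { attributeName: value } map for one element.
function stripClobberingAttrs(attrs, isClobbering) {
  const kept = {};
  for (const [key, value] of Object.entries(attrs)) {
    const lower = key.toLowerCase();
    if ((lower === 'id' || lower === 'name') && isClobbering(String(value))) {
      continue; // attribute removed, rest of the element is preserved
    }
    kept[key] = value;
  }
  return kept;
}

// Constructed sample element: <img id="webkitRequestFullScreen" src="cat.png">
function demo() {
  const img = { id: 'webkitRequestFullScreen', src: 'cat.png' };
  return {
    probeOnly: stripClobberingAttrs(img, (n) => clobbersByProbe(n, serverSideForm)),
    withList: stripClobberingAttrs(img, clobbersByList),
  };
}

console.log(demo());
```
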