capture: fix possible error of invalid custom element name

danny0838 · Sep 14, 2024 · 5859ede · 5859ede
1 parent a5bb2ed
commit 5859ede
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 1 deletion.
diff --git a/src/capturer/common.js b/src/capturer/common.js
@@ -58,6 +58,20 @@
     ['origin-when-crossorigin', 'origin-when-cross-origin'],
   ]);
 
+	const CUSTOM_ELEMENT_NAME_PATTERN = /^[a-z](.+)-(.+)$/;
+
+	// ref: https://html.spec.whatwg.org/multipage/custom-elements.html#valid-custom-element-name
+	const CUSTOM_ELEMENT_NAME_FORBIDDEN = new Set([
+		"annotation-xml",
+		"color-profile",
+		"font-face",
+		"font-face-src",
+		"font-face-uri",
+		"font-face-format",
+		"font-face-name",
+		"missing-glyph",
+	]);
+
   const REWRITABLE_SPECIAL_OBJECTS = new Set([false, 'adoptedStyleSheet']);
 
   const REMOVE_HIDDEN_EXCLUDE_HTML = new Set(["html", "head", "title", "meta", "link", "style", "script", "body", "noscript", "template", "source", "track"]);
@@ -2770,7 +2784,7 @@
       // record custom elements
       {
         const nodeName = elem.nodeName.toLowerCase();
-        if (nodeName.includes('-')) {
+        if (CUSTOM_ELEMENT_NAME_PATTERN.test(nodeName) && !CUSTOM_ELEMENT_NAME_FORBIDDEN.has(nodeName)) {
           customElementNames.add(nodeName);
         }
       }

diff --git a/test/t/capture_custom_elements/bad.html b/test/t/capture_custom_elements/bad.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>Test bad custom elements</title>
+</head>
+<body>
+<blockquote></blockquote>
+<blockquote><annotation-xml>something</annotation-xml></blockquote>
+<blockquote><color-profile>something</color-profile></blockquote>
+<blockquote><font-face>something</font-face></blockquote>
+<blockquote><font-face-src>something</font-face-src></blockquote>
+<blockquote><font-face-uri>something</font-face-uri></blockquote>
+<blockquote><font-face-format>something</font-face-format></blockquote>
+<blockquote><font-face-name>something</font-face-name></blockquote>
+<blockquote><missing-glyph>something</missing-glyph></blockquote>
+</body>
+<script>
+var wrapper = document.querySelectorAll('blockquote')[0];
+var elem = wrapper.appendChild(document.createElement('_bad-elem'));
+elem.textContent = 'something';
+</script>
+</html>
diff --git a/test/test_capture.js b/test/test_capture.js
@@ -13552,6 +13552,23 @@ it('test_capture_custom_elements', async function () {
   assert(value.match(rawRegex`${'^'}(function (names) {${'.+'}})(["custom-subelem","custom-elem"])${'$'}`));
 });
 
+it('test_capture_custom_elements_bad', async function () {
+	/* capture.script = remove */
+  var options = {
+    "capture.script": "remove",
+  };
+  var blob = await capture({
+    url: `${localhost}/capture_custom_elements/bad.html`,
+    options: Object.assign({}, baseOptions, options),
+  });
+
+  var zip = await new JSZip().loadAsync(blob);
+  var indexFile = zip.file('index.html');
+  var indexBlob = new Blob([await indexFile.async('blob')], {type: "text/html"});
+  var doc = await readFileAsDocument(indexBlob);
+  assert(!doc.querySelector(`script[data-scrapbook-elem="custom-elements-loader"]`));
+});
+
 /**
  * Check if option works
  *