Make sure dom sanitizer attributes are normalized to lower case

mjbvz · mjbvz · commit 1048f32f6178 · 2025-09-02T16:32:41.000-07:00
Fixes microsoft#259148
diff --git a/src/vs/base/browser/domSanitize.ts b/src/vs/base/browser/domSanitize.ts
@@ -248,6 +248,17 @@ export function sanitizeHtml(untrusted: string, config?: DomSanitizerConfig): Tr
 			}
 		}
 
+		// All attr names are lower-case in the sanitizer hooks
+		resolvedAttributes = resolvedAttributes.map((attr): string | SanitizeAttributeRule => {
+			if (typeof attr === 'string') {
+				return attr.toLowerCase();
+			}
+			return {
+				attributeName: attr.attributeName.toLowerCase(),
+				shouldKeep: attr.shouldKeep,
+			};
+		});
+
 		const allowedAttrNames = new Set(resolvedAttributes.map(attr => typeof attr === 'string' ? attr : attr.attributeName));
 		const allowedAttrPredicates = new Map<string, SanitizeAttributeRule>();
 		for (const attr of resolvedAttributes) {
diff --git a/src/vs/base/test/browser/domSanitize.test.ts b/src/vs/base/test/browser/domSanitize.test.ts
@@ -61,6 +61,23 @@ suite('DomSanitize', () => {
 		assert.ok(str.includes('custom-attr="value"'));
 	});
 
+	test('Attributes in config should be case insensitive', () => {
+		const html = '<div Custom-Attr="value">content</div>';
+
+		{
+			const result = sanitizeHtml(html, {
+				allowedAttributes: { override: ['custom-attr'] }
+			});
+			assert.ok(result.toString().includes('custom-attr="value"'));
+		}
+		{
+			const result = sanitizeHtml(html, {
+				allowedAttributes: { override: ['CUSTOM-ATTR'] }
+			});
+			assert.ok(result.toString().includes('custom-attr="value"'));
+		}
+	});
+
 	test('removes unsupported protocols for href by default', () => {
 		const html = '<a href="javascript:alert(1)">bad link</a>';
 		const result = sanitizeHtml(html);
diff --git a/src/vs/workbench/contrib/markdown/test/browser/__snapshots__/Markdown_Katex_Support_Test_Should_support_blocks_immediately_after_paragraph.0.snap b/src/vs/workbench/contrib/markdown/test/browser/__snapshots__/Markdown_Katex_Support_Test_Should_support_blocks_immediately_after_paragraph.0.snap
@@ -1,4 +1,4 @@
-<p>Block example:</p><span class="katex-display"><span class="katex"><span class="katex-mathml"><math><semantics><mrow><msubsup><mo>∫</mo><mrow><mo>−</mo><mi>∞</mi></mrow><mi>∞</mi></msubsup><msup><mi>e</mi><mrow><mo>−</mo><msup><mi>x</mi><mn>2</mn></msup></mrow></msup><mi>d</mi><mi>x</mi><mo>=</mo><msqrt><mi>π</mi></msqrt></mrow><annotation encoding="application/x-tex">\int_{-\infty}^{\infty} e^{-x^2} dx = \sqrt{\pi}</annotation></semantics></math></span><span class="katex-html"><span class="base"><span style="height: 2.3846em; vertical-align: -0.9703em" class="strut"></span><span class="mop"><span style="margin-right: 0.44445em; position: relative; top: -0.0011em" class="mop op-symbol large-op">∫</span><span class="msupsub"><span class="vlist-t vlist-t2"><span class="vlist-r"><span style="height: 1.4143em" class="vlist"><span style="top: -1.7881em; margin-left: -0.4445em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">−</span><span class="mord mtight">∞</span></span></span></span><span style="top: -3.8129em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">∞</span></span></span></span></span><span class="vlist-s">​</span></span><span class="vlist-r"><span style="height: 0.9703em" class="vlist"><span></span></span></span></span></span></span><span style="margin-right: 0.1667em" class="mspace"></span><span class="mord"><span class="mord mathnormal">e</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span style="height: 1.0369em" class="vlist"><span style="top: -3.113em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">−</span><span class="mord mtight"><span class="mord mathnormal mtight">x</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span style="height: 0.8913em" class="vlist"><span style="top: -2.931em; margin-right: 0.0714em"><span style="height: 2.5em" class="pstrut"></span><span class="sizing reset-size3 size1 mtight"><span class="mord mtight">2</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span><span class="mord mathnormal">d</span><span class="mord mathnormal">x</span><span style="margin-right: 0.2778em" class="mspace"></span><span class="mrel">=</span><span style="margin-right: 0.2778em" class="mspace"></span></span><span class="base"><span style="height: 1.04em; vertical-align: -0.1908em" class="strut"></span><span class="mord sqrt"><span class="vlist-t vlist-t2"><span class="vlist-r"><span style="height: 0.8492em" class="vlist"><span style="top: -3em" class="svg-align"><span style="height: 3em" class="pstrut"></span><span style="padding-left: 0.833em" class="mord"><span style="margin-right: 0.03588em" class="mord mathnormal">π</span></span></span><span style="top: -2.8092em"><span style="height: 3em" class="pstrut"></span><span style="min-width: 0.853em; height: 1.08em" class="hide-tail"><svg height="1.08em" width="400em"><path d="M95,702
+<p>Block example:</p><span class="katex-display"><span class="katex"><span class="katex-mathml"><math><semantics><mrow><msubsup><mo>∫</mo><mrow><mo>−</mo><mi>∞</mi></mrow><mi>∞</mi></msubsup><msup><mi>e</mi><mrow><mo>−</mo><msup><mi>x</mi><mn>2</mn></msup></mrow></msup><mi>d</mi><mi>x</mi><mo>=</mo><msqrt><mi>π</mi></msqrt></mrow><annotation encoding="application/x-tex">\int_{-\infty}^{\infty} e^{-x^2} dx = \sqrt{\pi}</annotation></semantics></math></span><span class="katex-html"><span class="base"><span style="height: 2.3846em; vertical-align: -0.9703em" class="strut"></span><span class="mop"><span style="margin-right: 0.44445em; position: relative; top: -0.0011em" class="mop op-symbol large-op">∫</span><span class="msupsub"><span class="vlist-t vlist-t2"><span class="vlist-r"><span style="height: 1.4143em" class="vlist"><span style="top: -1.7881em; margin-left: -0.4445em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">−</span><span class="mord mtight">∞</span></span></span></span><span style="top: -3.8129em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">∞</span></span></span></span></span><span class="vlist-s">​</span></span><span class="vlist-r"><span style="height: 0.9703em" class="vlist"><span></span></span></span></span></span></span><span style="margin-right: 0.1667em" class="mspace"></span><span class="mord"><span class="mord mathnormal">e</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span style="height: 1.0369em" class="vlist"><span style="top: -3.113em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">−</span><span class="mord mtight"><span class="mord mathnormal mtight">x</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span style="height: 0.8913em" class="vlist"><span style="top: -2.931em; margin-right: 0.0714em"><span style="height: 2.5em" class="pstrut"></span><span class="sizing reset-size3 size1 mtight"><span class="mord mtight">2</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span><span class="mord mathnormal">d</span><span class="mord mathnormal">x</span><span style="margin-right: 0.2778em" class="mspace"></span><span class="mrel">=</span><span style="margin-right: 0.2778em" class="mspace"></span></span><span class="base"><span style="height: 1.04em; vertical-align: -0.1908em" class="strut"></span><span class="mord sqrt"><span class="vlist-t vlist-t2"><span class="vlist-r"><span style="height: 0.8492em" class="vlist"><span style="top: -3em" class="svg-align"><span style="height: 3em" class="pstrut"></span><span style="padding-left: 0.833em" class="mord"><span style="margin-right: 0.03588em" class="mord mathnormal">π</span></span></span><span style="top: -2.8092em"><span style="height: 3em" class="pstrut"></span><span style="min-width: 0.853em; height: 1.08em" class="hide-tail"><svg preserveAspectRatio="xMinYMin slice" viewBox="0 0 400000 1080" height="1.08em" width="400em"><path d="M95,702
 c-2.7,0,-7.17,-2.7,-13.5,-8c-5.8,-5.3,-9.5,-10,-9.5,-14
 c0,-2,0.3,-3.3,1,-4c1.3,-2.7,23.83,-20.7,67.5,-54
 c44.2,-33.3,65.8,-50.3,66.5,-51c1.3,-1.3,3,-2,5,-2c4.7,0,8.7,3.3,12,10

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		-<p>Block example:</p><span class="katex-display"><span class="katex"><span class="katex-mathml"><math><semantics><mrow><msubsup><mo>∫</mo><mrow><mo>−</mo><mi>∞</mi></mrow><mi>∞</mi></msubsup><msup><mi>e</mi><mrow><mo>−</mo><msup><mi>x</mi><mn>2</mn></msup></mrow></msup><mi>d</mi><mi>x</mi><mo>=</mo><msqrt><mi>π</mi></msqrt></mrow><annotation encoding="application/x-tex">\int_{-\infty}^{\infty} e^{-x^2} dx = \sqrt{\pi}</annotation></semantics></math></span><span class="katex-html"><span class="base"><span style="height: 2.3846em; vertical-align: -0.9703em" class="strut"></span><span class="mop"><span style="margin-right: 0.44445em; position: relative; top: -0.0011em" class="mop op-symbol large-op">∫</span><span class="msupsub"><span class="vlist-t vlist-t2"><span class="vlist-r"><span style="height: 1.4143em" class="vlist"><span style="top: -1.7881em; margin-left: -0.4445em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">−</span><span class="mord mtight">∞</span></span></span></span><span style="top: -3.8129em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">∞</span></span></span></span></span><span class="vlist-s"></span></span><span class="vlist-r"><span style="height: 0.9703em" class="vlist"><span></span></span></span></span></span></span><span style="margin-right: 0.1667em" class="mspace"></span><span class="mord"><span class="mord mathnormal">e</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span style="height: 1.0369em" class="vlist"><span style="top: -3.113em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">−</span><span class="mord mtight"><span class="mord mathnormal mtight">x</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span style="height: 0.8913em" class="vlist"><span style="top: -2.931em; margin-right: 0.0714em"><span style="height: 2.5em" class="pstrut"></span><span class="sizing reset-size3 size1 mtight"><span class="mord mtight">2</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span><span class="mord mathnormal">d</span><span class="mord mathnormal">x</span><span style="margin-right: 0.2778em" class="mspace"></span><span class="mrel">=</span><span style="margin-right: 0.2778em" class="mspace"></span></span><span class="base"><span style="height: 1.04em; vertical-align: -0.1908em" class="strut"></span><span class="mord sqrt"><span class="vlist-t vlist-t2"><span class="vlist-r"><span style="height: 0.8492em" class="vlist"><span style="top: -3em" class="svg-align"><span style="height: 3em" class="pstrut"></span><span style="padding-left: 0.833em" class="mord"><span style="margin-right: 0.03588em" class="mord mathnormal">π</span></span></span><span style="top: -2.8092em"><span style="height: 3em" class="pstrut"></span><span style="min-width: 0.853em; height: 1.08em" class="hide-tail"><svg height="1.08em" width="400em"><path d="M95,702
	`1`	+<p>Block example:</p><span class="katex-display"><span class="katex"><span class="katex-mathml"><math><semantics><mrow><msubsup><mo>∫</mo><mrow><mo>−</mo><mi>∞</mi></mrow><mi>∞</mi></msubsup><msup><mi>e</mi><mrow><mo>−</mo><msup><mi>x</mi><mn>2</mn></msup></mrow></msup><mi>d</mi><mi>x</mi><mo>=</mo><msqrt><mi>π</mi></msqrt></mrow><annotation encoding="application/x-tex">\int_{-\infty}^{\infty} e^{-x^2} dx = \sqrt{\pi}</annotation></semantics></math></span><span class="katex-html"><span class="base"><span style="height: 2.3846em; vertical-align: -0.9703em" class="strut"></span><span class="mop"><span style="margin-right: 0.44445em; position: relative; top: -0.0011em" class="mop op-symbol large-op">∫</span><span class="msupsub"><span class="vlist-t vlist-t2"><span class="vlist-r"><span style="height: 1.4143em" class="vlist"><span style="top: -1.7881em; margin-left: -0.4445em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">−</span><span class="mord mtight">∞</span></span></span></span><span style="top: -3.8129em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">∞</span></span></span></span></span><span class="vlist-s"></span></span><span class="vlist-r"><span style="height: 0.9703em" class="vlist"><span></span></span></span></span></span></span><span style="margin-right: 0.1667em" class="mspace"></span><span class="mord"><span class="mord mathnormal">e</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span style="height: 1.0369em" class="vlist"><span style="top: -3.113em; margin-right: 0.05em"><span style="height: 2.7em" class="pstrut"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mtight">−</span><span class="mord mtight"><span class="mord mathnormal mtight">x</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span style="height: 0.8913em" class="vlist"><span style="top: -2.931em; margin-right: 0.0714em"><span style="height: 2.5em" class="pstrut"></span><span class="sizing reset-size3 size1 mtight"><span class="mord mtight">2</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span><span class="mord mathnormal">d</span><span class="mord mathnormal">x</span><span style="margin-right: 0.2778em" class="mspace"></span><span class="mrel">=</span><span style="margin-right: 0.2778em" class="mspace"></span></span><span class="base"><span style="height: 1.04em; vertical-align: -0.1908em" class="strut"></span><span class="mord sqrt"><span class="vlist-t vlist-t2"><span class="vlist-r"><span style="height: 0.8492em" class="vlist"><span style="top: -3em" class="svg-align"><span style="height: 3em" class="pstrut"></span><span style="padding-left: 0.833em" class="mord"><span style="margin-right: 0.03588em" class="mord mathnormal">π</span></span></span><span style="top: -2.8092em"><span style="height: 3em" class="pstrut"></span><span style="min-width: 0.853em; height: 1.08em" class="hide-tail"><svg preserveAspectRatio="xMinYMin slice" viewBox="0 0 400000 1080" height="1.08em" width="400em"><path d="M95,702
`2`	`2`	`c-2.7,0,-7.17,-2.7,-13.5,-8c-5.8,-5.3,-9.5,-10,-9.5,-14`
`3`	`3`	`c0,-2,0.3,-3.3,1,-4c1.3,-2.7,23.83,-20.7,67.5,-54`
`4`	`4`	`c44.2,-33.3,65.8,-50.3,66.5,-51c1.3,-1.3,3,-2,5,-2c4.7,0,8.7,3.3,12,10`