bonitasoft · julienmege · Mar 3, 2023 · Dec 12, 2022
diff --git a/docs/content/error/$sanitize/uinput.ngdoc b/docs/content/error/$sanitize/uinput.ngdoc
@@ -0,0 +1,13 @@
+@ngdoc error
+@name $sanitize:uinput
+@fullName Failed to sanitize html because the input is unstable
+@description
+
+This error occurs when `$sanitize` sanitizer tries to check the input for possible mXSS payload and the verification
+errors due to the input mutating indefinitely. This could be a sign that the payload contains code exploiting an mXSS
+vulnerability in the browser.
+
+mXSS attack exploit browser bugs that cause some browsers parse a certain html strings into DOM, which once serialized
+doesn't match the original input. These browser bugs can be exploited by attackers to create payload which looks
+harmless to sanitizers, but due to mutations caused by the browser are turned into dangerous code once processed after
+sanitization.
diff --git a/lib/htmlparser/htmlparser.js b/lib/htmlparser/htmlparser.js
@@ -72,7 +72,7 @@
             chars = false;
           }
 
-        // end tag
+          // end tag
         } else if ( html.indexOf("</") == 0 ) {
           match = html.match( endTag );
 
@@ -82,7 +82,7 @@
             chars = false;
           }
 
-        // start tag
+          // start tag
         } else if ( html.indexOf("<") == 0 ) {
           match = html.match( startTag );
 
@@ -147,8 +147,8 @@
         rest.replace(attr, function(match, name) {
           var value = arguments[2] ? arguments[2] :
             arguments[3] ? arguments[3] :
-            arguments[4] ? arguments[4] :
-            fillAttrs[name] ? name : "";
+              arguments[4] ? arguments[4] :
+                fillAttrs[name] ? name : "";
 
           attrs.push({
             name: name,