fix issue jhy#1520

Ruefors · May 22, 2021 · 9ff2795 · 9ff2795
1 parent ae9a18c
commit 9ff2795
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/src/main/java/org/jsoup/Jsoup.java b/src/main/java/org/jsoup/Jsoup.java
@@ -227,7 +227,7 @@ public static Document parse(URL url, int timeoutMillis) throws IOException {
      @see Cleaner#clean(Document)
      */
     public static String clean(String bodyHtml, String baseUri, Safelist safelist) {
-        Document dirty = parseBodyFragment(bodyHtml, baseUri);
+        Document dirty = parse(bodyHtml, baseUri);
         Cleaner cleaner = new Cleaner(safelist);
         Document clean = cleaner.clean(dirty);
         return clean.body().html();

diff --git a/src/main/java/org/jsoup/safety/Cleaner.java b/src/main/java/org/jsoup/safety/Cleaner.java
@@ -65,7 +65,15 @@ public Document clean(Document dirtyDocument) {
         Validate.notNull(dirtyDocument);
 
         Document clean = Document.createShell(dirtyDocument.baseUri());
-        copySafeNodes(dirtyDocument.body(), clean.body());
+        Element head,body;
+        if(dirtyDocument.head().childNodeSize() > 0){
+            head = dirtyDocument.head();
+            copySafeNodes(head, clean.body());
+        }
+        if(dirtyDocument.body().childNodeSize() > 0){
+            body = dirtyDocument.body();
+            copySafeNodes(body, clean.body());
+        }
         clean.outputSettings(dirtyDocument.outputSettings().clone());
 
         return clean;

diff --git a/src/test/java/org/jsoup/safety/CleanerTest.java b/src/test/java/org/jsoup/safety/CleanerTest.java
@@ -339,4 +339,17 @@ public void bailsIfRemovingProtocolThatsNotSet() {
         assertEquals(Document.OutputSettings.Syntax.xml, result.outputSettings().syntax());
         assertEquals("<p>test<br /></p>", result.body().html());
     }
+    @Test public void NoHeadCleanerTest(){
+        Safelist whitelist = Safelist.relaxed()
+                .addTags("!DOCTYPE html", "html","body","head","meta", "style")
+                .addAttributes("meta", "charset");
+        String value = "<html><head><style>.some {color: red}</style></head><body>3<script>alert('pwned')</script>4</body></html>";
+        String doc = Jsoup.clean(value, whitelist);
+        assertEquals("<head>\n" +
+                " <style>.some {color: red}</style>\n" +
+                "</head>\n" +
+                "<body>\n" +
+                " 34\n" +
+                "</body>",doc);
+    }
 }