diff --git a/closure/goog/html/sanitizer/htmlsanitizer_test.js b/closure/goog/html/sanitizer/htmlsanitizer_test.js index ef2e63b671..36884f8039 100644 --- a/closure/goog/html/sanitizer/htmlsanitizer_test.js +++ b/closure/goog/html/sanitizer/htmlsanitizer_test.js @@ -1648,11 +1648,11 @@ function testUrlWithCredentials() { function testClobberedForm() { - var input = '
'; + var input = ''; // Passing a string in assertSanitizedHtml uses assertHtmlMatches, which is // also vulnerable to clobbering. We use a regexp to fall back to simple // string matching. - var expected = new RegExp(''); + var expected = new RegExp(''); assertSanitizedHtml( input, expected, new goog.html.sanitizer.HtmlSanitizer.Builder() diff --git a/closure/goog/html/sanitizer/safedomtreeprocessor.js b/closure/goog/html/sanitizer/safedomtreeprocessor.js index e9b6bf66da..3f218b483c 100644 --- a/closure/goog/html/sanitizer/safedomtreeprocessor.js +++ b/closure/goog/html/sanitizer/safedomtreeprocessor.js @@ -108,9 +108,12 @@ SafeDomTreeProcessor.prototype.processToString = function(html) { newRoot.appendChild(newTree); newTree = newRoot; } - - // Serialized string of the sanitized DOM without root span tag - return newTree.innerHTML; + // The XMLSerializer will add a spurious xmlns attribute to the root node. + var serializedNewTree = new XMLSerializer().serializeToString(newTree); + // Remove the outer span before returning the string representation of the + // processed copy. + return serializedNewTree.slice( + serializedNewTree.indexOf('>') + 1, serializedNewTree.lastIndexOf('')); }; /** diff --git a/closure/goog/html/sanitizer/safedomtreeprocessor_test.js b/closure/goog/html/sanitizer/safedomtreeprocessor_test.js index cf8f4785c2..37e1fc4f5b 100644 --- a/closure/goog/html/sanitizer/safedomtreeprocessor_test.js +++ b/closure/goog/html/sanitizer/safedomtreeprocessor_test.js @@ -73,17 +73,6 @@ testSuite({ input, new NoopProcessor().processToString(input)); }, - testEmptyTag() { - var input = ''; - var actual = new NoopProcessor().processToString(input); - - if (SafeDomTreeProcessor.SAFE_PARSING_SUPPORTED) { - assertEquals(input, actual); - } else { - assertEquals('', actual); - } - }, - testTagChanged() { var processor = new NoopProcessor(); processor.createElementWithoutAttributes = anchorToFoo;
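Review bot: The new `slice(...)` return in `processToString` uses the results of `indexOf('>')` and `lastIndexOf(...)` without checking that either delimiter was found, so a serialization that is not exactly an opening span tag, content and a closing tag (an empty root written in self-closing form, for instance) would come back truncated or with wrapper markup still attached, on the path that returns the sanitizer's output. I would compute both offsets into locals first and fail closed with something like `if (start === 0 || end < start) { return ''; }`; the empty string appears to be the existing convention, since the removed `testEmptyTag` expected `''` when `SAFE_PARSING_SUPPORTED` is false. The argument to `lastIndexOf` reads as an empty string on this page, probably lost in rendering; if it really is empty, the call returns the string length and the closing tag is never stripped. `XMLSerializer` also emits XML syntax rather than what `innerHTML` produced, and `testEmptyTag` is deleted in the test file instead of being updated, so a comment naming the expected serialization differences and a test pinning them would help. The body of `processToString` starts above the hunk.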