From 5caa08f069883b39230b8071eb268ee226c5911c Mon Sep 17 00:00:00 2001 From: jackfromeast Date: Mon, 16 Sep 2024 11:42:53 -0400 Subject: [PATCH] fix: avoid DOM Clobbering gadget in `getRelativeUrlFromDocument` (#18115) --- packages/vite/src/node/build.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/vite/src/node/build.ts b/packages/vite/src/node/build.ts index b093ecfb5e213a..ca8025a386dd71 100644 --- a/packages/vite/src/node/build.ts +++ b/packages/vite/src/node/build.ts @@ -1094,7 +1094,7 @@ const getRelativeUrlFromDocument = (relativePath: string, umd = false) => getResolveUrl( `'${escapeId(relativePath)}', ${ umd ? `typeof document === 'undefined' ? location.href : ` : '' - }document.currentScript && document.currentScript.src || document.baseURI`, + }document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`, ) const getFileUrlFromFullPath = (path: string) =>