From 40139e1c02f8576c775f6ea29a713148474330b1 Mon Sep 17 00:00:00 2001
From: Timothy Farrell
Date: Thu, 2 Feb 2017 20:26:33 -0600
Subject: [PATCH] Lock down element type creation

---
 packages/projector/src/constants.js | 5 +++++
 packages/projector/src/projector.js | 15 ++++++++++-----
 2 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 packages/projector/src/constants.js

diff --git a/packages/projector/src/constants.js b/packages/projector/src/constants.js
new file mode 100644
index 0000000..15e9ad8
--- /dev/null
+++ b/packages/projector/src/constants.js
@@ -0,0 +1,5 @@
+export const ALLOWED_SETTABLE_PROPERTIES = 'style lang dataset dir tabIndex textContent title scrollTop scrollLeft className width height'.split(
+ ' '
+);
+export const DISALLOWED_ELEMENTS = 'script embed object style'.split(' ');
+export const OVERRIDING_EVENTS = ['contextmenu', 'dragover', 'drop'];
diff --git a/packages/projector/src/projector.js b/packages/projector/src/projector.js
index f73b213..06d5a41 100644
--- a/packages/projector/src/projector.js
+++ b/packages/projector/src/projector.js
@@ -1,11 +1,12 @@
 import { isFunction } from 'trimkit';
 import { supportsPassive } from './utils.js';
+import {
+ ALLOWED_SETTABLE_PROPERTIES,
+ DISALLOWED_ELEMENTS,
+ OVERRIDING_EVENTS
+} from './constants.js';
-const ALLOWED_SETTABLE_PROPERTIES = 'style lang dataset dir tabIndex title scrollTop scrollLeft className width height'.split(
- ' '
-);
-const OVERRIDING_EVENTS = ['contextmenu', 'dragover', 'drop'];
 function getEventList(element) {
 const evtString = element.getAttribute('evl');
 return evtString ? evtString.split(';') : [];
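Review bot: `DISALLOWED_ELEMENTS` is a denylist of four tag names, and a denylist is the wrong shape for a "lock down" of element creation: `iframe`, `link`, `base`, `meta`, `frame` and `form` are still creatable, and depending on what `setAttributes` lets through (not visible here) those carry `src`/`href`/`http-equiv` side effects of their own. If the set of tags the projector legitimately renders is known, an allowlist (`ALLOWED_ELEMENTS`) would match the allowlist already used for properties; if not, the denylist should at least be extended and documented as non-exhaustive, e.g. `// Tags that can execute or load code/markup; not a complete list — prefer an allowlist when the tag set is known.` Storing it as `new Set([...])` would also make the consumer's membership check cheaper and clearer than `Array.prototype.includes`.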
@@ -88,7 +89,11 @@ export function Projector(domRoot) {
 if (type === 3) {
 element = document.createTextNode(props.textContent);
 } else if (type === 1) {
- element = document.createElement(name);
+ if (DISALLOWED_ELEMENTS.includes(name)) {
+ element = document.createElement('div');
+ } else {
+ element = document.createElement(name);
+ }
 }
 elementMap.set((element._id = id), element);
 setAttributes(element, props);
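Review bot: The new check `DISALLOWED_ELEMENTS.includes(name)` is a case-sensitive exact match, but `document.createElement` lowercases the tag name in an HTML document, so `'SCRIPT'`, `'Script'` or a name with surrounding whitespace trimmed by nothing here bypasses the list and still yields a live script element. Normalize before comparing, `const tag = String(name).toLowerCase();` and test `DISALLOWED_ELEMENTS.includes(tag)`, and create with `tag` as well. Silently substituting a `div` also hides the rejection from whoever sent `name`; if this is a trust boundary (it looks like one, given the commit title), a `console.warn` or a thrown error with the offending tag would make bypass attempts observable. The enclosing `Projector` function begins and ends outside this hunk.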