fix(node-prismjs): CVE-2024-53382

debian/changelog

@@ -1,3 +1,10 @@
+node-prismjs (1.29.0+dfsg+~1.26.0-1deepin1) unstable; urgency=medium
+
+  * Fix CVE-2024-53382: DOM Clobbering vulnerability in currentScript
+    lookup
+
+ -- deepin-ci-robot <packages@deepin.org>  Wed, 29 Apr 2026 21:04:17 +0800
+
 node-prismjs (1.29.0+dfsg+~1.26.0-1) unstable; urgency=medium
 
   * Team upload

debian/patches/cve_2024_53382.patch

@@ -0,0 +1,26 @@
+Index: github-node-prismjs-53382/components/prism-core.js
+===================================================================
+--- github-node-prismjs-53382.orig/components/prism-core.js
++++ github-node-prismjs-53382/components/prism-core.js
+@@ -222,7 +222,7 @@ var Prism = (function (_self) {
+ 				if (typeof document === 'undefined') {
+ 					return null;
+ 				}
+-				if ('currentScript' in document && 1 < 2 /* hack to trip TS' flow analysis */) {
++				if (document.currentScript && document.currentScript.tagName === 'SCRIPT' && 1 < 2 /* hack to trip TS' flow analysis */) {
+ 					return /** @type {any} */ (document.currentScript);
+ 				}
+
+Index: github-node-prismjs-53382/prism.js
+===================================================================
+--- github-node-prismjs-53382.orig/prism.js
++++ github-node-prismjs-53382/prism.js
+@@ -227,7 +227,7 @@ var Prism = (function (_self) {
+ 				if (typeof document === 'undefined') {
+ 					return null;
+ 				}
+-				if ('currentScript' in document && 1 < 2 /* hack to trip TS' flow analysis */) {
++				if (document.currentScript && document.currentScript.tagName === 'SCRIPT' && 1 < 2 /* hack to trip TS' flow analysis */) {
+ 					return /** @type {any} */ (document.currentScript);
+ 				}
+

debian/patches/series

@@ -1 +1,2 @@
 drop-prettier-in-test.patch
+cve_2024_53382.patch