From 3193859a045f380084cda3ca825000fcc1205a4d Mon Sep 17 00:00:00 2001 From: Eric Cornelissen Date: Wed, 6 Nov 2024 17:16:57 +0100 Subject: [PATCH 1/2] Update "Namespace Isolation" pattern description --- domc_wiki/indicators/patterns.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/domc_wiki/indicators/patterns.md b/domc_wiki/indicators/patterns.md index b37a24e..b336d27 100644 --- a/domc_wiki/indicators/patterns.md +++ b/domc_wiki/indicators/patterns.md 
@@ -49,7 +49,6 @@ Properties of `document` can always be overwritten by DOM Clobbering, even immed ### Namespace Isolation -While robust sanitizers may remove [named properties](https://webidl.spec.whatwg.org/#dfn-support-named-properties), an alternative solution is to separate the namespace of variables defined by JavaScript code and named properties in user-generated markups. For example, the markdown to HTML converter of source code version control applications often prefix `id` and `name` attribute values of user-generated markup with a specific string. Motivated by this solution, one can monitor runtime changes in the DOM tree via the [MutationObserver API](https://developer.mozilla.org/en-US/docs/Web/API/MutationObserver), and prefix named properties of all dynamically inserted markups before adding them to the tree, which patches all aforementioned vulnerable patterns. - - +While robust sanitizers may remove [named properties](https://webidl.spec.whatwg.org/#dfn-support-named-properties), an alternative solution is to separate the namespace of variables defined by JavaScript code and named properties in user-generated markups. For example, the markdown to HTML converter of source code version control applications often prefix `id` and `name` attribute values of user-generated markup with a specific string. If you use [DOMPurify](https://cure53.de/purify) you can use the [`SANITIZE_NAMED_PROPS`](https://github.com/cure53/DOMPurify/pull/710) option to automatically namespace `id`s and `name`s. +Alternatively, one monitor runtime changes in the DOM tree via the [MutationObserver API](https://developer.mozilla.org/en-US/docs/Web/API/MutationObserver), and prefix named properties of all dynamically inserted markups before adding them to the tree like [@weizman/shield](https://weizmangal.com/shield/) does. 
This provides some protections provided you can ensure it is run first, but you need to be careful when dynamically inserting HTML because it can temporarily cause clobbering. Also, some newer `
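Review bot: The new "Alternatively, one monitor runtime changes in the DOM tree ..." line is missing a verb; the original read "one can monitor", so the rewrite should keep "can" (or "one can monitor ... and prefix ..."). Two smaller wording points in the same added paragraph: "This provides some protections provided you can ensure it is run first" reads better as "This provides some protection, provided it runs before any other script", and the trailing sentence "Also, some newer `" is cut off at an opening backtick in the visible diff, so the paragraph should be completed or the fragment dropped before merging. Dropping the old claim that the MutationObserver approach "patches all aforementioned vulnerable patterns" in favour of the stated caveat (clobbering can occur between insertion and the observer callback) is a good correction; consider also stating that `SANITIZE_NAMED_PROPS` only applies to markup passed through DOMPurify, not to markup inserted by other means.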