diff --git a/packages/core/src/sanitization/inert_body.ts b/packages/core/src/sanitization/inert_body.ts
index 62c6598df8..0d7173f01a 100644
--- a/packages/core/src/sanitization/inert_body.ts
+++ b/packages/core/src/sanitization/inert_body.ts
@@ -32,8 +32,9 @@ class DOMParserHelper implements InertBodyHelper {
getInertBodyElement(html: string): HTMLElement|null {
// We add these extra elements to ensure that the rest of the content is parsed as expected
// e.g. leading whitespace is maintained and tags like `` do not get hoisted to the
- // `
` tag.
- html = '' + html + '';
+ // `` tag. Note that the `` tag is closed implicitly to prevent unclosed tags
+ // in `html` from consuming the otherwise explicit `` tag.
+ html = '' + html;
try {
const body = new (window as any).DOMParser().parseFromString(html, 'text/html').body as
HTMLBodyElement;
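Review bot: The comment added above `html = '' + html;` explains the parser mechanics but does not mark the missing closing tag as a sanitization invariant, so a later cleanup could reinstate the suffix and reopen the unclosed-tag case that the new spec covers. I would add one line such as `// SECURITY: never append an explicit closing tag here; an unclosed element in the input would swallow it (see html_sanitizer_spec.ts).` The class implements `InertBodyHelper`, so any other implementation of that interface, not visible in this hunk, should be checked for the same wrap-with-closing-tag pattern. The body of `getInertBodyElement` continues past the end of the hunk, and the string literals appear to have lost their markup in this rendering, so the exact prefix cannot be confirmed from here.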
diff --git a/packages/core/test/sanitization/html_sanitizer_spec.ts b/packages/core/test/sanitization/html_sanitizer_spec.ts
index dc83ca31f5..d577ce2c4d 100644
--- a/packages/core/test/sanitization/html_sanitizer_spec.ts
+++ b/packages/core/test/sanitization/html_sanitizer_spec.ts
@@ -173,6 +173,27 @@ import {isDOMParserAvailable} from '../../src/sanitization/inert_body';
expect(logMsgs.join('\n')).toMatch(/sanitizing HTML stripped some content/);
});
+ it('should strip unclosed iframe tag', () => {
+ expect(_sanitizeHtml(defaultDoc, '