add DOMPurify

front/package.json

@@ -42,6 +42,7 @@
     "cancelable-promise": "^4.2.1",
     "cross-env": "^7.0.3",
     "deep-copy-ts": "^0.5.0",
+    "dompurify" : "^2.3.6",
     "easystarjs": "^0.4.4",
     "generic-type-guard": "^3.4.2",
     "google-protobuf": "^3.13.0",

front/src/WebRtc/HtmlUtils.ts

@@ -1,4 +1,4 @@
-// import sanitizeHtml from 'sanitize-html';
+import DOMPurify from 'dompurify';
 
 export class HtmlUtils {
     public static getElementByIdOrFail<T extends HTMLElement>(id: string): T {
@@ -40,8 +40,8 @@ export class HtmlUtils {
 
     public static sanitize(html: string | number | boolean | undefined): string {
         if (typeof html === "string") {
-            return html;
-            /* TODO: fix sanitizer, sanitizeHtml seems not to work with vite 
+            return DOMPurify.sanitize(html);
+            /* TODO: fix sanitizer, apply sanitizeHtml rules to DOMPurify
             return sanitizeHtml(html, {
                 allowedAttributes: {
                     span: ["style"],

front/yarn.lock

@@ -876,6 +876,11 @@ doctrine@^3.0.0:
   dependencies:
     esutils "^2.0.2"
 
+dompurify@^2.3.6:
+  version "2.3.6"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.3.6.tgz#2e019d7d7617aacac07cbbe3d88ae3ad354cf875"
+  integrity sha512-OFP2u/3T1R5CEgWCEONuJ1a5+MFKnOYpkywpUSxv/dj1LeBT1erK+JwM7zK0ROy2BRhqVCf0LRw/kHqKuMkVGg==
+
 easystarjs@^0.4.4:
   version "0.4.4"
   resolved "https://registry.yarnpkg.com/easystarjs/-/easystarjs-0.4.4.tgz#8cec6d20d0d8660715da0301d1da440370a8f40a"