add DOMPurify

_Bastler 2022-02-27 14:37:26 +01:00
parent 9e86e95135
commit 86dc0d4aa8
3 changed files with 9 additions and 3 deletions


@ -42,6 +42,7 @@
"cancelable-promise": "^4.2.1",
"cross-env": "^7.0.3",
"deep-copy-ts": "^0.5.0",
"dompurify" : "^2.3.6",
"easystarjs": "^0.4.4",
"generic-type-guard": "^3.4.2",
"google-protobuf": "^3.13.0",
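Review bot: No type declarations are added alongside `"dompurify" : "^2.3.6"`, and the lockfile section of this commit appears to gain only the `dompurify@^2.3.6` entry. As far as I know the 2.x line does not bundle its own typings, so unless `@types/dompurify` is already in `devDependencies` (not visible in this hunk) the new `import DOMPurify from 'dompurify'` would be untyped or fail under `noImplicitAny`. The entry also has a stray space before the colon, unlike its neighbours; `"dompurify": "^2.3.6",` matches the file's style.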


@ -1,4 +1,4 @@
// import sanitizeHtml from 'sanitize-html';
import DOMPurify from 'dompurify';
export class HtmlUtils {
public static getElementByIdOrFail<T extends HTMLElement>(id: string): T {
@ -40,8 +40,8 @@ export class HtmlUtils {
public static sanitize(html: string | number | boolean | undefined): string {
if (typeof html === "string") {
return html;
/* TODO: fix sanitizer, sanitizeHtml seems not to work with vite
return DOMPurify.sanitize(html);
/* TODO: fix sanitizer, apply sanitizeHtml rules to DOMPurify
return sanitizeHtml(html, {
allowedAttributes: {
span: ["style"],
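Review bot: `DOMPurify.sanitize(html)` at the new return runs with the library defaults, so the allow-list from the commented-out `sanitizeHtml` call (which begins `allowedAttributes: { span: ["style"] }`) is not enforced, and the output accepts more markup than that config intended, including `style` attributes on any element. Pass an explicit configuration such as `DOMPurify.sanitize(html, { ALLOWED_TAGS: [...], ALLOWED_ATTR: [...] })`, filled in from the old rules. Because `ALLOWED_ATTR` is global rather than per-tag, the span-only `style` rule would need an `uponSanitizeAttribute` hook. It is also worth guarding on `DOMPurify.isSupported`, because as far as I know the 2.x line returns the input unchanged when no usable DOM is available. The rest of `sanitize`, including the non-string branch and the end of the commented block, lies outside the hunk.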


@ -876,6 +876,11 @@ doctrine@^3.0.0:
dependencies:
esutils "^2.0.2"
dompurify@^2.3.6:
version "2.3.6"
resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.3.6.tgz#2e019d7d7617aacac07cbbe3d88ae3ad354cf875"
integrity sha512-OFP2u/3T1R5CEgWCEONuJ1a5+MFKnOYpkywpUSxv/dj1LeBT1erK+JwM7zK0ROy2BRhqVCf0LRw/kHqKuMkVGg==
easystarjs@^0.4.4:
version "0.4.4"
resolved "https://registry.yarnpkg.com/easystarjs/-/easystarjs-0.4.4.tgz#8cec6d20d0d8660715da0301d1da440370a8f40a"