_Bastler/partey_workadventure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add DOMPurify

Browse Source
This commit is contained in:
_Bastler 2022-02-27 14:37:26 +01:00
parent 9e86e95135
commit 86dc0d4aa8
3 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
front/package.json
View File

@ -42,6 +42,7 @@
"cancelable-promise": "^4.2.1", "cancelable-promise": "^4.2.1",
"cross-env": "^7.0.3", "cross-env": "^7.0.3",
"deep-copy-ts": "^0.5.0", "deep-copy-ts": "^0.5.0",
"dompurify" : "^2.3.6",
"easystarjs": "^0.4.4", "easystarjs": "^0.4.4",
"generic-type-guard": "^3.4.2", "generic-type-guard": "^3.4.2",
"google-protobuf": "^3.13.0", "google-protobuf": "^3.13.0",

6
front/src/WebRtc/HtmlUtils.ts
View File

@ -1,4 +1,4 @@
// import sanitizeHtml from 'sanitize-html'; import DOMPurify from 'dompurify';
export class HtmlUtils { export class HtmlUtils {
public static getElementByIdOrFail<T extends HTMLElement>(id: string): T { public static getElementByIdOrFail<T extends HTMLElement>(id: string): T {
@ -40,8 +40,8 @@ export class HtmlUtils {
public static sanitize(html: string | number | boolean | undefined): string { public static sanitize(html: string | number | boolean | undefined): string {
if (typeof html === "string") { if (typeof html === "string") {
return html; return DOMPurify.sanitize(html);
/* TODO: fix sanitizer, sanitizeHtml seems not to work with vite /* TODO: fix sanitizer, apply sanitizeHtml rules to DOMPurify
return sanitizeHtml(html, { return sanitizeHtml(html, {
allowedAttributes: { allowedAttributes: {
span: ["style"], span: ["style"],

5
front/yarn.lock
View File

@ -876,6 +876,11 @@ doctrine@^3.0.0:
dependencies: dependencies:
esutils "^2.0.2" esutils "^2.0.2"
dompurify@^2.3.6:
version "2.3.6"
resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.3.6.tgz#2e019d7d7617aacac07cbbe3d88ae3ad354cf875"
integrity sha512-OFP2u/3T1R5CEgWCEONuJ1a5+MFKnOYpkywpUSxv/dj1LeBT1erK+JwM7zK0ROy2BRhqVCf0LRw/kHqKuMkVGg==
easystarjs@^0.4.4: easystarjs@^0.4.4:
version "0.4.4" version "0.4.4"
resolved "https://registry.yarnpkg.com/easystarjs/-/easystarjs-0.4.4.tgz#8cec6d20d0d8660715da0301d1da440370a8f40a" resolved "https://registry.yarnpkg.com/easystarjs/-/easystarjs-0.4.4.tgz#8cec6d20d0d8660715da0301d1da440370a8f40a"