How to use the dompurify/dist/purify.sanitize function in dompurify

To help you get started, we’ve selected a few dompurify examples, based on popular ways it is used in public projects.


github magda-io / magda / magda-web-client / src / UI / MarkdownViewer.js
if (!defined(markdownString) || markdownString.length === 0) {
        return markdownString;
    }
    // If the text looks like html, don't try to interpret it as Markdown because
    // we'll probably break it in the process.
    var unsafeHtml;
    if (htmlRegex.test(markdownString)) {
        unsafeHtml = markdownString;
    } else {
        // Note this would wrap non-standard tags such as hi in a <p></p>, which is bad.
        unsafeHtml = md.render(markdownString);
    }
    if (allowUnsafeHtml) {
        return unsafeHtml;
    } else {
        return DOMPurify.sanitize(unsafeHtml, options);
    }
}
github TerriaJS / terriajs / lib / Core / markdownToHtml.js
unsafeHtml = markdownString;
  } else {
    // MarkdownIt can't handle something that is not a string primitive.  It can't even handle
    // something that is a string object (instanceof String) rather than a string primitive
    // (typeof string === 'string').  So if this isn't a string primitive, call toString
    // on it in order to make it one.
    if (markdownString && typeof markdownString !== "string") {
      markdownString = markdownString.toString();
    }

    unsafeHtml = md.render(markdownString);
  }
  if (allowUnsafeHtml) {
    return unsafeHtml;
  } else {
    return DOMPurify.sanitize(unsafeHtml, options);
  }
}
github TerriaJS / terriajs / lib / ReactViews / Map / Panels / SharePanel / PrintView.jsx
renderAttribution(attribution) {
    // For reasons I don't entirely understand, using parseCustomHtmlToReact instead
    // of dangerouslySetInnerHTML here doesn't work in IE11 or Edge. All elements after
    // the first attribution end up just completely missing from the DOM.
    // The attribution string is sanitized before it is handed to dangerouslySetInnerHTML.
    const html = { __html: DOMPurify.sanitize(attribution) };
    return <li dangerouslySetInnerHTML={html} />;
  },

dompurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

(MPL-2.0 OR Apache-2.0)
Latest version published 13 days ago

Package Health Score

91 / 100