-
-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add DOMPurify to sanitize HTML #196
Conversation
Non breacking new feature (disabled by default)
I should have added that it's a work in progress. Sorry for the trouble. Will deliver asap |
Ready to be merged, no breacking change => just a minor bump :) |
Could someone release v4.1.0 following the merge of this PR? |
Please let me know. |
lib/renderer.js
Outdated
const createDOMPurify = require('dompurify'); | ||
const { JSDOM } = require('jsdom'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible to only require dompurify
when the option is enabled?
const createDOMPurify = require('dompurify'); | |
const { JSDOM } = require('jsdom'); | |
let JSDOM; | |
let createDOMPurify; | |
if (config.dompurify) { | |
createDOMPurify = require('dompurify'); | |
JSDOM = require('jsdom').JSDOM; | |
} |
This could speed up cold start performance.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, the suggestion here is just for demonstration. The require
part should be added after the config is read.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@yoshinorin you can create a release |
Non breacking new feature (disabled by default)
Will need a Minor version bump.
Once done, the plan is to enable it by default, to be safe by default :)