@appex/aurelia-dompurify/src/dompurify-sanitizer.ts

Use DOMPurify as Aurelia's sanitizer implementation.

import { HTMLSanitizer } from 'aurelia-templating-resources';
import { getLogger } from 'aurelia-logging';
import * as DOMPurify from 'dompurify';

let domPurifyNotified = false;

export class DOMPurifySanitizer extends HTMLSanitizer {
  public static defaultConfig: DOMPurify.Config;
  
  public sanitize(input: any, config?: DOMPurify.Config): any {
    if (!domPurifyNotified) {
      getLogger('dompurify-sanitizer').debug(`Using DOMPurify instead of Aurelia's default sanitizer`);
      domPurifyNotified = true;
    }

    return DOMPurify.sanitize(input, config ?? DOMPurifySanitizer.defaultConfig);
  }
}