UNPKG

@gitlab/ui

Version:

GitLab UI Components

gitlab.com/gitlab-org/gitlab-ui

36 lines (29 loc) 934 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
import DOMPurify from 'dompurify'; import { forbiddenDataAttrs, forbiddenTags } from './constants'; const { sanitize } = DOMPurify; // Mitigate against future dompurify mXSS bypasses by // avoiding additional serialize/parse round trip. // See https://gitlab.com/gitlab-org/gitlab-ui/-/merge_requests/1782 // and https://gitlab.com/gitlab-org/gitlab-ui/-/merge_requests/2127 // for more details. const DEFAULT_CONFIG = { RETURN_DOM_FRAGMENT: true, ALLOW_UNKNOWN_PROTOCOLS: true, FORBID_ATTR: forbiddenDataAttrs, FORBID_TAGS: forbiddenTags, }; const transform = (el, binding) => { if (binding.oldValue !== binding.value) { const config = { ...DEFAULT_CONFIG, ...(binding.arg ?? {}) }; el.textContent = ''; el.appendChild(sanitize(binding.value, config)); } }; const clear = (el) => { el.textContent = ''; }; export const SafeHtmlDirective = { bind: transform, update: transform, unbind: clear, };