UNPKG

@gitlab/ui

Version:

GitLab UI Components

gitlab.com/gitlab-org/gitlab-ui

24 lines (19 loc) 758 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
import { sanitize } from 'dompurify'; import { forbiddenDataAttrs } from './constants'; // Mitigate against future dompurify mXSS bypasses by // avoiding additional serialize/parse round trip. // See https://gitlab.com/gitlab-org/gitlab-ui/-/merge_requests/1782 // and https://gitlab.com/gitlab-org/gitlab-ui/-/merge_requests/2127 // for more details. const DEFAULT_CONFIG = { RETURN_DOM_FRAGMENT: true, FORBID_ATTR: [...forbiddenDataAttrs] }; const transform = (el, binding) => { if (binding.oldValue !== binding.value) { const config = { ...DEFAULT_CONFIG, ...(binding.arg ?? {}) }; el.textContent = ''; el.appendChild(sanitize(binding.value, config)); } }; export const SafeHtmlDirective = { bind: transform, update: transform, };