How to use the dompurify.isSupported function in dompurify

To help you get started, we’ve selected a few dompurify examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github tutao / tutanota / src / misc / HtmlSanitizer.js View on Github external
constructor() {
		this._blockExternalContent = false
		if (DOMPurify.isSupported) {
			this.purifier = DOMPurify
		} else {
			return
		}
		// Do changes in afterSanitizeAttributes and not afterSanitizeElements so that images are not removed again because of the SVGs.
		this.purifier.addHook('afterSanitizeAttributes', (currentNode, data, config: SanitizeConfig) => {
				// remove custom css classes as we do not allow style definitions. custom css classes can be in conflict to our self defined classes.
				// just allow our own "tutanota_quote" class and MsoListParagraph classes for compatibility with Outlook 2010/2013 emails. see main-styles.js
				let allowedClasses = [
					"tutanota_quote", "MsoListParagraph", "MsoListParagraphCxSpFirst", "MsoListParagraphCxSpMiddle", "MsoListParagraphCxSpLast"
				]
				if (currentNode.classList) {
					let cl = currentNode.classList;
					for (let i = cl.length; i > 0; i--) {
						if (allowedClasses.indexOf(cl[0]) === -1) {
							cl.remove(cl[0]);

dompurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

(MPL-2.0 OR Apache-2.0)
Latest version published 1 day ago

Package Health Score

91 / 100
Full package analysis