How to use the dompurify.sanitize function in dompurify

To help you get started, we’ve selected a few dompurify examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github ghiscoding / aurelia-slickgrid / dist / es2015 / filters / selectFilter.js View on Github external
let suffixText = option[this.labelSuffixName] || '';
                let optionLabel = option[this.optionLabel] || '';
                optionLabel = optionLabel.toString().replace(/\"/g, '\''); // replace double quotes by single quotes to avoid interfering with regular html
                // also translate prefix/suffix if enableTranslateLabel is true and text is a string
                prefixText = (this.enableTranslateLabel && prefixText && typeof prefixText === 'string') ? this.i18n.tr(prefixText || ' ') : prefixText;
                suffixText = (this.enableTranslateLabel && suffixText && typeof suffixText === 'string') ? this.i18n.tr(suffixText || ' ') : suffixText;
                optionLabel = (this.enableTranslateLabel && optionLabel && typeof optionLabel === 'string') ? this.i18n.tr(optionLabel || ' ') : optionLabel;
                // add to a temp array for joining purpose and filter out empty text
                const tmpOptionArray = [prefixText, labelText, suffixText].filter((text) => text);
                let optionText = tmpOptionArray.join(separatorBetweenLabels);
                // if user specifically wants to render html text, he needs to opt-in else it will stripped out by default
                // also, the 3rd party lib will saninitze any html code unless it's encoded, so we'll do that
                if (isRenderHtmlEnabled) {
                    // sanitize any unauthorized html tags like script and others
                    // for the remaining allowed tags we'll permit all attributes
                    const sanitizedText = DOMPurify.sanitize(optionText, sanitizedOptions);
                    optionText = htmlEncode(sanitizedText);
                }
                // html text of each select option
                options += `<option label="${optionLabel}" value="${option[this.valueName]}">${optionText}</option>`;
                // if there's a search term, we will add the "filled" class for styling purposes
                if (selected) {
                    this.isFilled = true;
                }
            });
        }
github Autodesk-Forge / forge-rcdb.nodejs / src / client / components / Label / Label.js View on Github external
const classNames = [
      'label-container',
      ...this.props.className.split(' ')
    ]

    const style = {
      width: this.props.textAlign === 'center'
        ? '100%' : '',
      textAlign: this.props.textAlign
    }

    return(
      <div style="{style}">
        <p>
          { DOMPurify.sanitize(this.props.text) }
        </p>
      </div>
    )
  }
}
github web-padawan / api-viewer-element / src / lib / markdown.ts View on Github external
export const parse = (markdown?: string): TemplateResult => {
  if (!markdown) {
    return html`
      ${nothing}
    `;
  }

  return html`
    ${unsafeHTML(DOMPurify.sanitize(marked(markdown)))}
  `;
};
github Automattic / woocommerce-services / client / components / text-field / index.js View on Github external
const renderFieldDescription = ( description ) =&gt; {
	return (
		description ?  : null
	);
};
github neo4j / neo4j-browser / src / browser / modules / Stream / CypherFrame / TableView.jsx View on Github external
export const renderObject = entry =&gt; {
  if (neo4j.isInt(entry)) return entry.toString()
  if (entry === null) return <em>null</em>
  return (
    
  )
}
const buildData = entries =&gt; {
github rr- / szurubooru / client / js / util / markdown.js View on Github external
new TagPermalinkFixWrapper(),
        new EntityPermalinkWrapper(),
        new SearchPermalinkWrapper(),
        new SpoilersWrapper(),
        new SmallWrapper(),
        new StrikeThroughWrapper(),
    ];
    for (let wrapper of wrappers) {
        text = wrapper.preprocess(text);
    }
    text = marked(text, options);
    wrappers.reverse();
    for (let wrapper of wrappers) {
        text = wrapper.postprocess(text);
    }
    return DOMPurify.sanitize(text);
}
github kinvolk / nebraska / frontend / src / js / components / Header.tsx View on Github external
function Appbar(props: AppbarProps) {
  const { config, menuAnchorEl, projectLogo, handleClose, handleMenu } = props;
  const classes = useStyles();

  React.useEffect(() =&gt; {
    document.title = (config?.title) || 'Nebraska';
  }, [config]);

  return (
    
      
        {config?.logo ? (
          
            <div>
          
        ) : (
          
        )}
        {config?.title &amp;&amp; (
          
            {config.title}
          
        )}
        <div style="{{">
        {config?.access_management_url &amp;&amp; (
          </div></div>
github Enalean / tuleap / src / themes / tlp / doc / js / editors.js View on Github external
function updatePreview() {
            example.innerHTML = sanitize(editor.getValue(), {
                ADD_TAGS: ["tlp-relative-date"],
                ADD_ATTR: ["date", "absolute-date", "placement", "preference", "locale"],
            });
            var datepickers = example.querySelectorAll(".tlp-input-date");
            [].forEach.call(datepickers, function (datepicker) {
                datePicker(datepicker);
            });

            var filters = example.querySelectorAll(".tlp-search[data-target-table-id]");
            [].forEach.call(filters, function (filter) {
                filterInlineTable(filter);
            });

            select2(document.querySelector("#area-select2"), {
                placeholder: "Choose an area",
                allowClear: true,
github decred / dcrdata / cmd / dcrdata / public / js / controllers / homepage_controller.js View on Github external
function mempoolTableRow (tx) {
  const tbody = document.createElement('tbody')
  const link = `/tx/${tx.hash}`
  tbody.innerHTML = `
    
      ${humanize.hashElide(tx.hash, link)}
      ${copyIcon()}
      ${alertArea()}
    
    ${tx.Type}
    ${humanize.threeSigFigs(tx.total || 0, false, 8)}
    ${tx.size} B
    ${humanize.timeSince(tx.time)}
  `
  dompurify.sanitize(tbody, { IN_PLACE: true, FORBID_TAGS: ['svg', 'math'] })
  return tbody.firstChild
}
github First-Peoples-Cultural-Council / fv-web-ui / frontend / app / assets / javascripts / views / pages / search / tile.js View on Github external
desc = p_output.join(', ')

        targetPath = NavigationHelpers.navigate(
          NavigationHelpers.generateUIDPath('explore', tile, 'phrases'),
          null,
          true
        )
        break
      }

      case 'FVPortal':
        type = 'Dialect'
        title = selectn('contextParameters.ancestry.dialect.dc:title', tile)
        imgObj = selectn('contextParameters.portal.fv-portal:logo', tile)

        desc = DOMPurify.sanitize(selectn('properties.fv-portal:about', tile), { ALLOWED_TAGS: [] })
        desc = desc.length > 300 ? '...' + desc.substr(desc.indexOf(this.props.searchTerm) - 50, 250) + '...' : desc

        targetPath = '/explore' + selectn('contextParameters.ancestry.dialect.path', tile)
        break

      case 'FVBook':
        imgObj = selectn('contextParameters.phrase.related_pictures[0]', tile)

        desc = DOMPurify.sanitize(selectn('dc:description', tile), { ALLOWED_TAGS: [] })
        desc = desc.length > 300 ? '...' + desc.substr(desc.indexOf(this.props.searchTerm) - 50, 250) + '...' : desc

        targetPath = NavigationHelpers.navigate(
          NavigationHelpers.generateUIDPath(
            'explore',
            tile,
            selectn('properties.fvbook:type', tile) == 'song' ? 'songs' : 'stories'

dompurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

(MPL-2.0 OR Apache-2.0)
Latest version published 1 day ago

Package Health Score

91 / 100
Full package analysis