474d4951d8
* Switch to dompurify for sanitizing markdown content Switches us from using `insane` to instead use `dompurify`, which seems to be better maintained and also has some nice features, such as built-in trusted types support I've tried to port over our existing sanitizer settings as best as possible, but there's not always a 1:1 mapping between how insane works and how dompurify does. I'd like to get this change in early in the iteration to catch potential regressions * Remove logging and renaming param * Move dompurify to browser layer * Fixing tests and how we check valid attributes * Allow innerhtml in specific files * Use isEqualNode instead of checking innerHTML directly innerHTML can return different results on different browsers. Use `isEqualNode` instead * Reapply fix for trusted types * Enable ALLOW_UNKNOWN_PROTOCOLS I beleive this is required since we allow links to commands and loading images over remote * in -> of * Fix check of protocol * Enable two more safe tags
18 lines
311 B
JSON
18 lines
311 B
JSON
{
|
|
"registrations": [
|
|
{
|
|
"component": {
|
|
"type": "git",
|
|
"git": {
|
|
"name": "dompurify",
|
|
"repositoryUrl": "https://github.com/cure53/DOMPurify",
|
|
"commitHash": "6cfcdf56269b892550af80baa7c1fa5b680e5db7"
|
|
}
|
|
},
|
|
"license": "Apache 2.0",
|
|
"version": "2.3.1"
|
|
}
|
|
],
|
|
"version": 1
|
|
}
|