Which DOMPurify isSupported should I use?

Question

I'm using DOMPurify with Node.js.

Code from here

import { JSDOM } from 'jsdom';
import DOMPurify from 'dompurify';

const window = new JSDOM('').window;
const purify = DOMPurify(window);
const clean = purify.sanitize('<b>hello there</b>');

console.log(DOMPurify.isSupported) // -> false
console.log(purify.isSupported) // -> true

I'm guessing purify.isSupported is the value I should be checking since I'm using node like this. Can I just ignore DOMPurify.isSupported?

I'm assuming DOMPurify.isSupported doesn't matter since I'm using purify to sanitize. Is that correct?

Call me paranoid, just want to avoid XSS.

score 0 · Accepted Answer · answered Dec 19 '22 at 20:38

In the source code, you can see that DOMPurify.isSupported is always false

if (!window || !window.document || window.document.nodeType !== 9) {
  // Not running in a browser, provide a factory function
  // so that you can pass your own Window
  DOMPurify.isSupported = false;

  return DOMPurify;
}

Which DOMPurify isSupported should I use?

1 Answers1