Questions tagged [dompurify]

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML, and SVG. DOMPurify is written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Edge, Firefox, and Chrome - as well as almost anything else using Blink or WebKit). It doesn't break on MSIE6 or other legacy browsers. It either uses a fall-back or simply does nothing.

43 questions
1 vote, 2 answers

Dompurify converting "<" to "&lt;"

I am using DOMPurify to sanitize my HTML content. Everything works fine, but when I use the characters < and >, it is being converted to &lt; and &gt; Eg: We have Tea // Outputs: We have Tea Eg: Use '<' and '>' to compare values // Outputs:…
melvin
1 vote, 2 answers

Mistake in using DOMPurify on the backend to sanitize form data?

I was wondering if it was possible to use DOMPurify to sanitize user input on a form before it is saved to database. Here's what I've got in my routes.js folder for my form post: .post('/questionForm', (req, res, next) =>{ …
CjL95
1 vote, 2 answers

NodeJS require all modules in one file, good practice?

I am wondering if there is any downside, from a design or security point of view, to having one file that requires() all the modules that I need, and then exports them. This would save me from having to keep track of all modules in every single file. Example: //…
Michael Brenndoerfer
1 vote, 2 answers

Replace $sanitize implementation in angular with DOMPurify?

Is it possible to replace the native implementation of the $sanitize function from AngularJS (version 1.5.x) with a custom implementation that would use DOMPurify? My goal is to be able to write ng-bind-html=value and have DOMPurify be used when sanitizing…
oldbam
0 votes, 1 answer

Adding Angular directive to dompurify element

Is it possible to add an Angular directive to an anchor tag sanitized by Dompurify? I’ve tried adding my directive to the element, but I am unable to get the directive to be triggered. If I wrap the anchor tag with a div tag, the directive triggers…
Dsapp
0 votes, 0 answers

When sanitizing user input to be shown on website for text: is escaping HTML entities enough for text or do I still need to DOMPurify it?

When sanitizing user input to be shown on website for text: is escaping HTML entities enough for text or do I still need to DOMPurify it? I am building a website where the user can enter 2 types of text: Text which is to be rendered as titles,…
0 votes, 0 answers

Compatibility issue with isomorphic-dompurify and dompurify in Next.js 13

I'm encountering a compatibility issue with isomorphic-dompurify and dompurify in my Next.js 13 project. It seems that both libraries cannot be used due to dependencies on canvas, and I'm currently unable to find a suitable alternative. Module not…
Tom Fan
0 votes, 0 answers

Why is Checkmarx not passing XSS vulnerability after using DOMPurify?

I am scanning a project for vulnerabilities using Checkmarx, and I am unable to clear XSS vulnerabilities using DOMPurify in a JS file. Example code: function purifyDOM(tag){ var dom_purify = DOMPurify.sanitize(tag, {ALLOWED_TAGS: ['tr', 'th', 'td',…
0 votes, 1 answer

How can I allow and tags in DOMPurify?

I am using DOMPurify library in javascript file to prevent XSS attacks. Here is the code. main.html Online jQuery Editor
0 votes, 0 answers

Set up freepik-labs/dompurify on php xampp

I have been trying to set up free-pik-labs/dompurify on a php project and it just does not work. Can anyone help me? I installed it with composer to my project's local directory and ran the code below: require_once '../vendor/autoload.php'; use…
0 votes, 0 answers

How to sanitize server-side rendered HTML in res.render using DOMPurify (Node/Express)

I have a server-side rendered NodeJS Express app. It uses res.render('pathToMyHtml', props) and a view engine to serve the html with the provided props. I want to make sure my HTML is sanitized using the isomorphic-dompurify library to protect…
tbd_
0 votes, 0 answers

Importing DOMPurify with RequireJs doesn't work

I'm trying to use DOMPurify as a lib in a BackBone project that uses RequireJS. But it doesn't work, see below how it is configured in Main.js I use on model…
0 votes, 0 answers

Readable HTML getting Truncated

I am trying to extract the Readability version of this site - https://app.termly.io/document/privacy-policy/93a0d7a9-a628-44b5-9748-4f853bed4112 However, I noticed the readable content gets truncated. I am using Mozilla Readability. Is there…
Sunil
0 votes, 1 answer

Which DOMPurify isSupported should I use?

I'm using DOMPurify with Node.js. Code from here import { JSDOM } from 'jsdom'; import DOMPurify from 'dompurify'; const window = new JSDOM('').window; const purify = DOMPurify(window); const clean = purify.sanitize('hello…