Questions tagged [dompurify]

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML, and SVG. DOMPurify is written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Edge, Firefox, and Chrome - as well as almost anything else using Blink or WebKit). It doesn't break on MSIE6 or other legacy browsers. It either uses a fall-back or simply does nothing.

43 questions
0 votes, 0 answers

Mitigate Client DOM Stored XSS from jQuery append method flagged by Checkmarx

For my project I have jQuery version 2.2.0, and recently the Checkmarx scan was added to the project. I am trying to find a solution for the "Client DOM Stored XSS" error. I have used the DOMPurify library for HTML sanitization before…
Srikant Sahu
0 votes, 0 answers

How to use DOMPurify hooks with async/await functions

In a Node.js server, using DOMPurify+JSDOM, I need to download an image inside the hook afterSanitizeElements. For example, using the code below, I manage to get the image, but too late, and the image cannot be leveraged to be used in the code that…
Moisés Bites
0 votes, 1 answer

Decode string in React

I'm displaying user comments in React with DOMPurify. When the user enters a dangerous string, e.g. ', it gets encoded; how can I safely decode it? Here is the code:

{DOMPurify.sanitize(hit.comment)}

Thanks…
Mendi Sterenfeld
0 votes, 1 answer

Check SVG with JS dompurify

I'm using DOMPurify to sanitize SVG code. It works fine; however, I would like to show a message if the SVG code entered in a textarea is not valid. I'm trying to compare the SVG code added with the SVG code sanitized. If they are different I will show a…
CyberJ
0 votes, 2 answers

nodemon starting `node server.js` TypeError: marked is not a function

I'm creating a blog, using this 'Web Dev Simplified' tutorial: https://www.youtube.com/watch?v=1NrHkjlWVhM . I've copied the code from GitHub https://github.com/WebDevSimplified/Markdown-Blog, installed the node modules and linked it to my MongoDB…
0 votes, 2 answers

Secure way to use dangerouslySetInnerHTML inside my react SharePoint Modern web part

I am trying to build a React.js SharePoint modern web part, which has the following capabilities: inside the web part settings page there are two fields named "Who We Are" & "Our Value" which allow the user to enter HTML. The web part will…
John John
0 votes, 1 answer

DOMPurify for XSS

I am trying to fix the cross-site scripting (XSS) with DOMPurify. The vulnerability found is in the URL as below: https://stage-xyzmysite.com/login/?rUrl=javascript:alert('hi') . I am trying to do a simple POC where it will try to eliminate…
Ags
0 votes, 1 answer

Using custom DomSanitizer with Ivy

I’m using ng-dompurify in an Angular 9 application and I’ve substituted the default Angular DomSanitizer with the NgDompurifyDomSanitizer implementation. @NgModule({ // ... providers: [ { provide: DomSanitizer, …
David Harris
0 votes, 0 answers

Why does DOMPurify with SAFE_FOR_TEMPLATES remove data attributes?

I stumbled across a weird behavior of DOMPurify where data-* attributes are left in when sanitizing with the default options, but get stripped out when using the SAFE_FOR_TEMPLATES option. Also, the whole text that contains a template gets stripped out…
Nino Filiu
0 votes, 1 answer

My website on Chrome 77 doesn't load any data, but it works fine on Chrome 76

What's worse, is that my tests pass using Chrome 77 with Chromedriver 77 (the tests pass, the data is loaded in the webpages, etc.). It's only if I manually pull up a Chrome 77 browser and test it that it fails. Here's basically what my code is…
0 votes, 1 answer

Symfony 3.4 - Webpack Encore and DOMPurify

I'm trying to integrate DOMPurify into my Symfony project, but I keep getting "DOMPurify isn't defined" in my browser's console. In my app.js I have: import '../scss/custom.scss'; import $ from 'jquery'; import DOMPurify from 'dompurify'; global.$…
Major Productions
0 votes, 1 answer

Why aren't all node packages updated to the latest version when running npm update?

Environment: Windows 10 Home, Node v10.13.0, NPM 6.4.1. Desired behaviour: update all node packages. Actual behaviour: not all packages are being updated. What I've tried: npm update, per information in this post: npm install vs. update - what's the…
user1063287
0 votes, 2 answers

Allow HTML comments in DomPurify

I would like to use DOMPurify to sanitise some HTML content, but I'd like to preserve the HTML comments. Is that possible? You can see what it does in this example - if you enter markup with a comment the comment is stripped out. DOMPurify seems…
And Finally