From e1c1e32a4b30460388a2221407e5fe2548ddec08 Mon Sep 17 00:00:00 2001 From: "G.Ambatte" Date: Mon, 1 Jul 2024 09:14:57 +1200 Subject: [PATCH] Return to official package; use custom addHook --- client/homebrew/brewRenderer/brewRenderer.jsx | 13 ++++++------- package-lock.json | 6 +++--- package.json | 2 +- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/client/homebrew/brewRenderer/brewRenderer.jsx b/client/homebrew/brewRenderer/brewRenderer.jsx index b1120ef6d..23a683ecb 100644 --- a/client/homebrew/brewRenderer/brewRenderer.jsx +++ b/client/homebrew/brewRenderer/brewRenderer.jsx @@ -18,13 +18,7 @@ const { printCurrentBrew } = require('../../../shared/helpers.js'); import DOMPurify from 'dompurify'; const purifyConfig = { - ADD_ATTR : ['id', 'target'], - IGNORE_BASIC_CUSTOM_ELEMENT : true, // ignore the custom-element naming specification - CUSTOM_ELEMENT_HANDLING : { - tagNameCheck : ()=>{ return true; }, // all elements are allowed - attributeNameCheck : null, // default / standard attribute allow-list is used - allowCustomizedBuiltInElements : false, // no customized built-ins allowed - }, + ADD_ATTR : ['id', 'target'] }; const Themes = require('themes/themes.json'); @@ -180,6 +174,11 @@ const BrewRenderer = (props)=>{ }; const frameDidMount = ()=>{ //This triggers when iFrame finishes internal "componentDidMount" + DOMPurify.addHook('uponSanitizeElement', (node, data, config)=>{ + const tagName = node.tagName?.toLowerCase(); + data.allowedTags[tagName] = true; + }); + setTimeout(()=>{ //We still see a flicker where the style isn't applied yet, so wait 100ms before showing iFrame updateSize(); window.addEventListener('resize', updateSize); diff --git a/package-lock.json b/package-lock.json index cc3f9f236..7136a7cf9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21,7 +21,7 @@ "cookie-parser": "^1.4.6", "create-react-class": "^15.7.0", "dedent-tabs": "^0.10.3", - "dompurify": "git+https://github.com/G-Ambatte/DOMPurify.git#AddConfigOption-IGNORE_BASIC_CUSTOM_ELEMENT", + "dompurify": "^3.1.5", "expr-eval": "^2.0.2", "express": "^4.19.2", "express-async-handler": "^1.2.0", @@ -5469,8 +5469,8 @@ }, "node_modules/dompurify": { "version": "3.1.5", - "resolved": "git+ssh://git@github.com/G-Ambatte/DOMPurify.git#b6cc41ec10b6fb6de17b29015ea0718eccd752f9", - "license": "(MPL-2.0 OR Apache-2.0)" + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.5.tgz", + "integrity": "sha512-lwG+n5h8QNpxtyrJW/gJWckL+1/DQiYMX8f7t8Z2AZTPw1esVrqjI63i7Zc2Gz0aKzLVMYC1V1PL/ky+aY/NgA==" }, "node_modules/duplexer2": { "version": "0.1.4", diff --git a/package.json b/package.json index afa03d5d1..83e180280 100644 --- a/package.json +++ b/package.json @@ -93,7 +93,7 @@ "cookie-parser": "^1.4.6", "create-react-class": "^15.7.0", "dedent-tabs": "^0.10.3", - "dompurify": "git+https://github.com/G-Ambatte/DOMPurify.git#AddConfigOption-IGNORE_BASIC_CUSTOM_ELEMENT", + "dompurify": "^3.1.5", "expr-eval": "^2.0.2", "express": "^4.19.2", "express-async-handler": "^1.2.0",