Update dompurify to the latest version

Question

Update dompurify to the latest version

2kse opened this issue 3 years ago · 5 comments

2kse commented 3 years ago

Versions - dompurify

"dependencies": { "dompurify": "^2.0.0" },

Answer 1 · 2021-12-08T10:19:36.000Z

Hello,

What's the issue here?

The latest version of DOMPurify is 2.3.4 which is covered by the range ^2.0.0.

Answer 2 · 2021-12-09T12:16:28.000Z

Hello!

Fixed the problem with target="_blank" attr

The solution is in options:

hooks: {
    afterSanitizeAttributes: (node) => {
      // set all elements owning target to target=_blank
      if ('target' in node) {
        node.setAttribute('target', '_blank')
        node.setAttribute('rel', 'noopener')
      }
    }
  },

but I think if you will update the lib for that I can remove extra hooks :)

Answer 3 · 2021-12-10T08:29:50.000Z

You can already pull the latest version of DOMPurify, the range specified by vue-dompurify-html already allows it.. If you use npm, running npm update dompurify should do the trick. If you are not using the latest version of npm you might need to also specify the --depth option, see RFC00019 for more information.

However note that even the latest version of DOMPurify remove the target="_blank" attribute so you will still have to use a hook.

Answer 4 · 2021-12-10T14:49:58.000Z

I'm going to close this one. It is not directly related to vue-dompurify-html.

Anyway a 2.4.0 and 3.0.0-beta.1 of vue-dompurify-html have been released and they both set DOMPurify 2.3.4 as the minimal supported version.

Answer 5 · 2021-12-10T14:54:33.000Z

Also see #1258