Update dompurify to the latest version
2kse opened this issue · 5 comments
Hello,
What's the issue here?
The latest version of DOMPurify is 2.3.4 which is covered by the range ^2.0.0.
Hello!
Fixed the problem with target="_blank"
attr
The solution is in options:
hooks: {
afterSanitizeAttributes: (node) => {
// set all elements owning target to target=_blank
if ('target' in node) {
node.setAttribute('target', '_blank')
node.setAttribute('rel', 'noopener')
}
}
},
but I think if you will update the lib for that I can remove extra hooks :)
You can already pull the latest version of DOMPurify, the range specified by vue-dompurify-html
already allows it.. If you use npm
, running npm update dompurify
should do the trick. If you are not using the latest version of npm
you might need to also specify the --depth
option, see RFC00019 for more information.
However note that even the latest version of DOMPurify remove the target="_blank"
attribute so you will still have to use a hook.
I'm going to close this one. It is not directly related to vue-dompurify-html
.
Anyway a 2.4.0 and 3.0.0-beta.1 of vue-dompurify-html
have been released and they both set DOMPurify 2.3.4 as the minimal supported version.