diff --git a/package.json b/package.json index 810287b952..28061e45d1 100644 --- a/package.json +++ b/package.json @@ -52,7 +52,7 @@ "classnames": "^2.2.6", "d3": "^3.5.17", "debug": "^3.2.7", - "dompurify": "^2.0.17", + "dompurify": "^3.4.0", "elliptic": "^6.6.0", "font-awesome": "^4.7.0", "history": "^4.10.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 55b8abcfc1..8b42b03632 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -44,8 +44,8 @@ importers: specifier: ^3.2.7 version: 3.2.7(supports-color@8.1.1) dompurify: - specifier: ^2.0.17 - version: 2.5.8 + specifier: ^3.4.0 + version: 3.4.7 elliptic: specifier: ^6.6.0 version: 6.6.1 @@ -376,8 +376,8 @@ importers: specifier: ^3.1.0 version: 3.2.7(supports-color@8.1.1) dompurify: - specifier: ^2.0.7 - version: 2.5.8 + specifier: ^3.4.0 + version: 3.4.7 font-awesome: specifier: ^4.7.0 version: 4.7.0 @@ -454,9 +454,6 @@ importers: '@types/debug': specifier: ^4.1.5 version: 4.1.12 - '@types/dompurify': - specifier: ^2.0.4 - version: 2.4.0 '@types/enzyme': specifier: ^3.10.8 version: 3.10.19 @@ -2135,9 +2132,6 @@ packages: '@types/debug@4.1.12': resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==} - '@types/dompurify@2.4.0': - resolution: {integrity: sha512-IDBwO5IZhrKvHFUl+clZxgf3hn2b/lU6H1KaBShPkQyGJUQ0xwebezIPSuiyGwfz1UzJWQl4M7BDxtHtCCPlTg==} - '@types/enzyme@3.10.19': resolution: {integrity: sha512-kIfCo6/DdpgCHgmrLgPTugjzbZ46BUK8S2IP0kYo8+62LD2l1k8mSVsc+zQYNTdjDRoh2E9Spxu6F1NnEiW38Q==} 
@@ -3922,8 +3916,8 @@ packages: resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==} engines: {node: '>= 4'} - dompurify@2.5.8: - resolution: {integrity: sha512-o1vSNgrmYMQObbSSvF/1brBYEQPHhV1+gsmrusO7/GXtp1T9rCS8cXFqVxK/9crT1jA6Ccv+5MTSjBNqr7Sovw==} + dompurify@3.4.7: + resolution: {integrity: sha512-2jBxDJY4RR06tQNy4w5FlFH7kfxsQZlufd0sbv+chfHCxeJwrFw2baUDsSwvBISD4K4RDbd0PTfy3uNXsR6siA==} domutils@2.8.0: resolution: {integrity: sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==} @@ -10885,10 +10879,6 @@ snapshots: dependencies: '@types/ms': 2.1.0 - '@types/dompurify@2.4.0': - dependencies: - '@types/trusted-types': 2.0.7 - '@types/enzyme@3.10.19': dependencies: '@types/cheerio': 0.22.35 @@ -11083,7 +11073,8 @@ snapshots: '@types/triple-beam@1.3.5': {} - '@types/trusted-types@2.0.7': {} + '@types/trusted-types@2.0.7': + optional: true '@types/ws@8.18.1': dependencies: @@ -12948,7 +12939,9 @@ snapshots: dependencies: domelementtype: 2.3.0 - dompurify@2.5.8: {} + dompurify@3.4.7: + optionalDependencies: + '@types/trusted-types': 2.0.7 domutils@2.8.0: dependencies: diff --git a/viz-lib/package.json b/viz-lib/package.json index 80acffe80a..c9e6b6c63c 100644 --- a/viz-lib/package.json +++ b/viz-lib/package.json @@ -41,7 +41,6 @@ "@types/d3": "^6.2.0", "@types/d3-cloud": "^1.2.3", "@types/debug": "^4.1.5", - "@types/dompurify": "^2.0.4", "@types/enzyme": "^3.10.8", "@types/jest": "^26.0.18", "@types/leaflet": "^1.5.19", @@ -86,7 +85,7 @@ "d3": "^3.5.17", "d3-cloud": "^1.2.4", "debug": "^3.1.0", - "dompurify": "^2.0.7", + "dompurify": "^3.4.0", "font-awesome": "^4.7.0", "hoist-non-react-statics": "^3.3.0", "leaflet": "~1.3.1", diff --git a/viz-lib/src/services/sanitize.ts b/viz-lib/src/services/sanitize.ts index 47521ba408..ab4670dc58 100644 --- a/viz-lib/src/services/sanitize.ts +++ b/viz-lib/src/services/sanitize.ts 
@@ -20,4 +20,10 @@ DOMPurify.addHook("afterSanitizeAttributes", function(node) {
 export { DOMPurify };
-export default DOMPurify.sanitize;
+// DOMPurify 3 returns TrustedHTML | string; annotate so declaration emit stays portable.
+const sanitize = DOMPurify.sanitize as (
+ dirty: string | Node,
+ cfg?: DOMPurify.Config
+) => string;
+
+export default sanitize;
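Review bot: The `as (...) => string` assertion on the new `sanitize` constant promises callers a string even when the config asks for a different return shape. Because `cfg` is typed as the full `DOMPurify.Config`, a caller passing `RETURN_DOM`, `RETURN_DOM_FRAGMENT` or `RETURN_TRUSTED_TYPE` would get a node, fragment or TrustedHTML that the compiler now treats as `string`. Narrowing the parameter keeps the assertion honest, for example `cfg?: Omit<DOMPurify.Config, "RETURN_DOM" | "RETURN_DOM_FRAGMENT" | "RETURN_TRUSTED_TYPE">`, and the comment above the constant could state that constraint alongside the declaration-emit reason. Since this commit moves the sanitizer across a major version, a regression test over the `afterSanitizeAttributes` hook named in the hunk header (its body lies outside this hunk) would confirm the sanitized output is unchanged for the project's inputs.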