What pain point are you perceiving?
I took one good look at DOMPurify and it's not meant for a modern stack. Next, Nuxt, SvelteKit. All of them do SSR and DOMPurify will fail hard the moment someone tries to use it server-side leading to SO questions like this one.
Describe the solution you'd like
Given this library has such massive exposure and domain knowledge in the area of XSS parsers I think it would be nice to set devs up for success by updating the docs to make an isomorphic xss lib the recommended default with the obvious security disclaimers.
I just tried out js-xss (npm i xss) and it was easy enough to set up. It supports SSR and also ships type definitions (DOMPurify type defs must be installed separately). Could you please add this to the list? It's an 8-year-old library so I imagine it's been put to the test to get where it's at. Best of all, it's still being improved upon as evidenced by its included type definitions.
Thanks! I sent a pull. I thought about adding isomorphic-dompurify but decided to keep the warning message terse and instead submitted an issue to DOMPurify in case they decide to enhance it so users can use DOMPurify without the wrapper for SSR.