
Commit eed521d

committed
Use dompurify to sanitize text input
1 parent 6b7bdad commit eed521d

3 files changed

Lines changed: 7 additions & 9 deletions


package-lock.json

Lines changed: 1 addition & 1 deletion

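--- a/package.json
+++ b/package.json
@@ -28,6 +28,7 @@
 },
 "homepage": "https://ekoopmans.github.io/html2pdf.js/",
 "dependencies": {
+"dompurify": "^3.3.1",
 "html2canvas": "^1.0.0",
 "jspdf": "^4.0.0"
 },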

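--- a/src/utils.js
+++ b/src/utils.js
@@ -1,3 +1,5 @@
+import DOMPurify from 'dompurify';
+
 // Determine the type of a variable/object.
 export const objType = function objType(obj) {
 var type = typeof obj;
@@ -14,14 +16,9 @@ export const objType = function objType(obj) {
 // Create an HTML element with optional className, innerHTML, and style.
 export const createElement = function createElement(tagName, opt) {
 var el = document.createElement(tagName);
-if (opt.className) el.className = opt.className;
-if (opt.innerHTML) {
-el.innerHTML = opt.innerHTML;
-var scripts = el.getElementsByTagName('script');
-for (var i = scripts.length; i-- > 0; null) {
-scripts[i].parentNode.removeChild(scripts[i]);
-}
-}
+if (opt.className) el.className = opt.className;
+if (opt.innerHTML) el.innerHTML = DOMPurify.sanitize(opt.innerHTML);
+
 for (var key in opt.style) {
 el.style[key] = opt.style[key];
 }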
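Review bot: The header comment on createElement still reads as if `opt.innerHTML` were assigned verbatim, but new line 20 now passes it through `DOMPurify.sanitize` with the library's default configuration, so every caller silently loses whatever that profile drops. I would change the comment to `// Create an HTML element with optional className, innerHTML (treated as untrusted and sanitized with DOMPurify's default config), and style.` so the trust boundary is visible at the call site. None of the three files listed for this commit is a test file; a regression test asserting that a `<script>` element and an inline event-handler attribute are both absent from the created element would pin the behaviour, since the removed loop only ever covered the first case. createElement's body appears to continue past the end of this hunk.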
