cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify

export 'sanitize' (imported as 'sanitize') was not found in 'dompurify' (possible exports: default) #1034

Closed ngtrthinh169TPC closed 6 days ago

ngtrthinh169TPC commented 1 week ago

This issue proposes a bug in which dompurify's TypeScript is messed up.

Background & Context

DefinitelyTyped removed @types/dompurify 2 days ago (https://github.com/DefinitelyTyped/DefinitelyTyped/pull/71153), which renders the old version of dompurify not buildable within projects that use TypeScript. We were forced to update the version to ^3.2.0. After updating, several breaking changes happened.

Bug

Input

My old import:

import { sanitize } from "dompurify";

Given output

When building, a warning shows up in the console: export 'sanitize' (imported as 'sanitize') was not found in 'dompurify' (possible exports: default)

Expected output

The old code should not break.

Feature

Keep the export as it used to be.

Or just let us know how to migrate this.

ngtrthinh169TPC commented 1 week ago

Hey, I've found a workaround for this by using the default export:

import DOMPurify from "dompurify";

and use DOMPurify.sanitize.

Not quite the prettiest piece of code since it triggers some eslint errors of "no-undef", but after some research I decided to turn off that eslint rule and settle with the default export (ref: https://github.com/typescript-eslint/typescript-eslint/issues/662). For that matter I'll close this issue here.

Still, I think removing @types/dompurify immediately is a bad move for general users.

MrChocolatine commented 6 days ago

@ngtrthinh169TPC please reopen this ticket, this was and is still an issue and should not be marked as "Completed".

The symbol sanitize is still visible but importing it ends up in an error. Something went wrong with the recent updates.

cc @cure53

ngtrthinh169TPC commented 6 days ago

I wasn't sure if that was my fault or the new version, since the export code doesn't seem to have changed. But seeing there are multiple people out there with the same problem, I think it's safe to say we should at least revert the removal of @types/dompurify until things are stable enough.

cure53 commented 6 days ago

Heya, we currently have no plans to revert anything, or dig deeper on this issue, as it seems to work well for a majority of folks.

Please check what's causing the issue on your end. If anything is the outcome that we can do to fix it, happy to receive a PR.

MrChocolatine commented 6 days ago

> Heya, we currently have no plans to revert anything, or dig deeper on this issue, as it seems to work well for a majority of folks.

And... I was expecting this. I read a lot of issues on this repo and 98% of the time it's the kind of answer always given. "Not our problem, we won't do anything, close the issue without any (or almost) further discussion"

What a way to maintain a library and exchange with your users. Anyway.

cure53 commented 6 days ago

I am sorry you feel frustrated, but this is really an issue you need to figure out yourself.

If we change something this direction, people will have issues, if we change something the other direction, other people will have issues. We use DefinitelyTyped? People cry. We use our own types? People cry.

If you do however find something that we actually did wrong and have a solution, we are super-open to looking into that, accepting a PR and making it work. Everything else really is your problem and way outside what we can do in the little bit of spare time we have to maintain this project.