search

cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify
Other
13.68k stars 701 forks source link

[QUESTION] How to use in a React Native project? #806

Closed JeremyBradshaw7 closed 1 year ago

JeremyBradshaw7 commented 1 year ago

I want to sanitise html that is user-input before I render it in a react-native-webview. However, I'm getting this error :

TypeError: _dompurify.default.sanitize is not a function

in the console. I've added both the latest dompurify and @types/dompurify packages, and imported thus:

import DOMPurify from 'dompurify';

I'm calling the sanitize function outside the webview in the React Native realm, to sanitize the content before passing that content to the webview.

One issue may be that I don't have a DOM engine. I tried the Node approach (meant for servers) but unfortunately installing jsdom as well completely broke the compilation, so instead I plan to use jsdom-jscore-rn.

This is shown i the console if I log the package:

image

So it is importing it as it's finding the version, but is instantiated as not supported.

cure53 commented 1 year ago

To be frank, no idea - sorry :smiling_face_with_tear:

Most use-cases should be solvable using the documentation here: https://github.com/cure53/DOMPurify#using-the-minified-and-tested-production-version-source-map-available

Everything else we don't really know and would have to investigate ourselves.

JeremyBradshaw7 commented 1 year ago

Closing as I dont think it is possible.