Closed myufa closed 1 year ago
Hah, interesting and seemingly a weird behavior of iOS and nothing we can fix. Unless you have any ideas?
This is not just an iOS behavior; these strings do not get formatted into links outside of the sanitize function.
Well, we don't have any code implementing that, that I can pretty much guarantee :smile: So, where does this come from?
I also tried these snippets on iOS v16 using BrowserStack: https://jsfiddle.net/0rcaLfe4/ https://jsfiddle.net/0rcaLfe4/1
It does not reproduce for me.
iPhone 14 v16.4
OS: iOS, v16.4
Browser: Safari
Also, changing the version from (outdated) DOMPurify 2.3.3 to newer versions doesn't deliver any repro. Can you produce a working test case, perchance? Else I have nothing to work with.
Closing this for now, no repro, no case - please reopen if needed.
I also see this behaviour on the iPhone, and it is indeed DOMPurify that is adding this. That is because they use the virtual DOM of Safari, which is inserting the phone number.
I see where the confusion is coming from. DOMPurify uses a virtual DOM to sanitize HTML, but it doesn't inherently add links to numbers. It's designed to remove potentially harmful elements from HTML, not add new ones.
However, when DOMPurify parses and sanitizes the HTML, it uses the browser's HTML parsing engine, which in Safari on iOS includes automatic phone number detection. So, when the sanitized HTML is inserted back into the page, any phone numbers may appear as links, even though DOMPurify didn't explicitly add those links.
This is a feature of the browser, not DOMPurify. If you want to prevent this behavior, you can use the format-detection meta tag in your HTML:
<meta name="format-detection" content="telephone=no">
This will tell Safari not to automatically detect and link phone numbers.
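The thread disagrees on whether the `tel:` link is already in the string returned by the sanitize call or only appears once the markup is rendered. The following is an added example, not part of the original thread or of DOMPurify: a string-level check that reports `tel:` anchors present in a sanitizer's output but not in its input. The sample ID and the two stand-in sanitizers are constructed for illustration.

```javascript
// Added example: string-level check, so it runs without a DOM (Node or browser).
// Collect the targets of <a href="tel:..."> anchors found in an HTML string.
function telTargets(html) {
  const re = /<a\b[^>]*\bhref\s*=\s*(?:"\s*tel:([^"]*)"|'\s*tel:([^']*)'|tel:([^\s>]*))/gi;
  return [...html.matchAll(re)].map((m) => m[1] ?? m[2] ?? m[3]);
}

// Run `sanitize` on `input` and report tel: targets that exist only in the output.
function introducedTelLinks(input, sanitize) {
  const output = String(sanitize(input));
  const alreadyThere = telTargets(input);
  const added = [];
  for (const target of telTargets(output)) {
    const i = alreadyThere.indexOf(target);
    if (i >= 0) alreadyThere.splice(i, 1); // link was authored in the input
    else added.push(target);               // link appeared during sanitize()
  }
  return { output, added };
}

// Constructed sample data (not from the issue): an item ID shaped like a phone number.
const SAMPLE = '<p>Item ID: 555-010-0199</p>';

// Hypothetical stand-ins for a sanitizer, used only to exercise the check offline.
const passThrough = (html) => html;
const simulatedLinkifier = (html) =>
  html.replace(/\b\d{3}-\d{3}-\d{4}\b/g, (n) => `<a href="tel:${n}">${n}</a>`);

function demo() {
  return {
    clean: introducedTelLinks(SAMPLE, passThrough).added,
    linked: introducedTelLinks(SAMPLE, simulatedLinkifier).added,
  };
}

console.log(demo()); // In a browser, pass (html) => DOMPurify.sanitize(html) instead.
```

If `added` comes back empty on the affected device while the rendered page still shows a link, the link is being created at render time rather than in the returned string.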
Background & Context
When using DOMPurify on iOS 16 (and potentially other iOS versions), strings of numbers and dashes formatted as seen below are converted to telephone links. This is not to be confused with any formatting Apple could be doing on these strings. The link is generated in the sanitize function.
This is causing item IDs for our product to be misrepresented in the UI as phone numbers.
This does not happen on desktop, that I have seen.
Bug
Input
Given output
Expected output