Closed ShahriarKh closed 1 year ago
No core feature but you can easily do that with a hook, here are many examples:
https://github.com/cure53/DOMPurify/blob/main/demos/ https://github.com/cure53/DOMPurify/blob/main/demos/hooks-link-proxy-demo.html
Can you please give a full example on how to do this? Should the hook return the element? and what hook should I use?
This is what I tried:
const fakeContent = `<div><div>testing</div><script src="no.com"></script><script src="yes.com"></script><p>some text</p></div>`;
const whitelistedDomains = ['yes.com'];
DOMPurify.addHook('uponSanitizeElement', (currentNode) => {
if (currentNode.tagName == 'SCRIPT') {
if (whitelistedDomains.includes(currentNode.getAttribute('src'))) {
// what should I do here to allow the currentNode?
}
}
});
DOMPurify.sanitize(fakeContent);
console.log(DOMPurify.removed);
This is not an issue; I have a question. Is it possible to allow tags like
iframe
orscript
only if they have a specificsrc
attribute? I tried searching in the docs and some googling, but wasn't able to find the answer.I want to do something like
so only
iframes
coming fromexample.com
are allowed. However, I can't find the correct syntax.