cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify

Exception when passing 0 or "" or null to Dompurify.Sanitize Method #947 #953

Closed sgudishettys closed 4 months ago

sgudishettys commented 5 months ago
@cure53 - added a new issue as the old one is closed (#947).

The exception I was getting in the immediate window in my .NET application. Leaving that aside, can we fix the issue below? When passing 0 we are getting "" as the response: DOMPurify.sanitize(0) ---> gives "" (empty) as the response. Can we get it as 0 instead of ""?

This is causing a serious problem for us, as we are showing integer values on a grid where we see nothing if the value is 0.

Please try the below to check.

var a = 0;
var b = DOMPurify.sanitize(a);
console.log("a: " + a);
console.log("b: " + b);

Output we see:
a: 0
b:

This will be very helpful for us, as we have to add zero validation before calling DOMPurify at every place if this is not fixed.

Thanks a lot for your time.

Originally posted by @sgudishettys in https://github.com/cure53/DOMPurify/issues/947#issuecomment-2100632149

cure53 commented 5 months ago

I am unsure if that is something we want to address with our core library, to be frank. DOMPurify has a purpose, and that is to remove nasty HTML from strings and nodes.

If we now start handling numbers as well, we also need to do dates, regexes, etc.

Not wanting to sound dismissive, but I think this is not our bug, and for now I see no strong reason to address it.

cure53 commented 5 months ago

Oh and, what speaks against using DOMPurify.sanitize(0..toString()) instead? Meaning, making sure that the data format is as expected by the library before handing it over?

I see no need to throw integers into an HTML sanitizer in general, and it should be easy to simply convert everything to a string before calling sanitize().
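The conversion step the maintainer suggests, written out as a small input-normalisation wrapper (an added example, not DOMPurify's own code): every value is turned into the string the sanitizer expects before sanitize() is called, so a numeric 0 reaches it as "0" instead of being treated as empty input. The sanitize function is injected so the wrapper can be exercised without a DOM; in a browser you would pass DOMPurify.sanitize. The echoSanitize stand-in below is constructed and performs no sanitising at all.

```javascript
// Normalise a grid cell value to the string form DOMPurify expects.
// Numbers (including 0) are converted explicitly; null/undefined become "".
function toSanitizerInput(value) {
  if (typeof value === 'string') return value;
  // null and undefined carry no content: sanitize an empty string.
  if (value === null || value === undefined) return '';
  // Non-finite numbers (NaN, Infinity) are treated as "no value" here; this is
  // a display choice for the grid use case, not DOMPurify behaviour.
  if (typeof value === 'number') return Number.isFinite(value) ? String(value) : '';
  if (typeof value === 'boolean') return String(value);
  // DOM nodes are accepted by DOMPurify directly; pass them through untouched.
  if (typeof value === 'object' && typeof value.nodeType === 'number') return value;
  // Anything else (plain objects, arrays, dates) is not HTML: refuse rather
  // than rely on an implicit toString(), which would hide a caller bug.
  throw new TypeError(`toSanitizerInput: unsupported input type ${typeof value}`);
}

// Wrapper to call at every place the application renders untrusted values.
// `sanitize` is DOMPurify.sanitize in a browser; `config` is passed through.
function sanitizeValue(value, sanitize, config) {
  return sanitize(toSanitizerInput(value), config);
}

// Constructed stand-in for DOMPurify.sanitize so this file runs under Node:
// it records what it receives and echoes it back, doing NO sanitising.
const received = [];
function echoSanitize(dirty) {
  received.push(dirty);
  return dirty;
}

// Constructed sample of grid cell values like those described in the issue.
const cells = [0, 42, '', null, undefined, '<b>7</b>'];
const rendered = cells.map((c) => sanitizeValue(c, echoSanitize));
// rendered is ['0', '42', '', '', '', '<b>7</b>']; the real sanitizer would
// additionally strip or allow the markup in the last cell according to config.
```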

sgudishettys commented 4 months ago

@cure53 will try using toString(), thanks.