search

cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify
Other
13.77k stars 708 forks source link

Bower issues : DOMPurify is not defined #961

Closed HakumenNC closed 4 months ago

HakumenNC commented 4 months ago

Background & Context

Hi, sorry in advance for my broken english. We had a legacy project based on bower dependencies management. Thanks, this project is available in this.

Bug

When the project started, i have this :

Uncaught ReferenceError: DOMPurify is not defined

On check in bower file bower.json and .bower.json, the main file declared is : 

"main": "src/purify.js",

I think the right file to use must be : /dist/purify.min.js After some tests with this dist file, it work like a charm

Input

<html>
    <head>
        <script type="text/javascript" src="./bower_components/dompurify/dist/purify.min.js"></script>
        <script>
            var clean = DOMPurify.sanitize("<p>dirty</p>", { ALLOWED_TAGS: [] });
            console.log(clean)
        </script>
    </head>
</html>

Here a mini use case : bower_and_dompurify.zip

Given output

Output with actual bower files : 

Uncaught ReferenceError: DOMPurify is not defined

Expected output

No error

Regards

cure53 commented 4 months ago

Heya, oha, thanks for noticing, does the commit linked above fix the issue for you?

HakumenNC commented 4 months ago

Hello, thanks for the reply 👍🏽

I reproduce this modification, and it works very well

thanks again 🙂

cure53 commented 4 months ago

Cool, we say thanks!

HakumenNC commented 3 months ago

Hi,

Thanks for the new release. Can you make the same fix on 2.X branch or do you prefer i create a new issue for this?

cure53 commented 3 months ago

Aye, sorry - this is now fixed :smile: