Open kevbarns opened 8 months ago
Might be a good alternative as it's roughly the same size as html-minifier
has anyone found a combination of htmlnano options and preset that works well everywhere?
I tried
* minifyCss: false
* preset "safe"

but emails are rendering blank for some of our customers...
any updates on this?
https://github.com/terser/html-minifier-terser might be another alternative. From my experience (one fairly small project, CLI usage only) the options are pretty much completely compatible, so making the move miiight be simpler than htmlnano.
Minifier-terser is at least 4x the size of htmlnano so it’s not considered as a replacement for us.

On 14 May 2024, at 20:53, Peter Law wrote:
> https://github.com/terser/html-minifier-terser might be another alternative. From my experience (one fairly small project, CLI usage only) the options are pretty much completely compatible, so making the move miiight be simpler than htmlnano.
Forgot to mention in this thread, but MJML 5 is available in experimental branch https://www.npmjs.com/package/mjml/v/5.0.0-alpha.4 fixing this CVE with htmlnano + prettier as a 1-1 replacement.
I'm not entirely convinced about prettier as a replacement of js-beautify but couldn't find a minimalistic formatter for MJML yet.
If this CVE could affect you in some way, you should go on experimental branch for now.
The first call to mjmlto2html on the experimental branch seems to take a long time. It appears htmlnano is lazily loading a bunch of modules. The ANR stack trace I have shows htmlnano/minifyCss as the culprit, but I don't really know why since it's explicitly disabled:
https://github.com/mjmlio/mjml/blob/fix/replace-html-minifier/packages/mjml-core/src/index.js#L404
For now I'm warming this call on application start until I can investigate this further.
https://www.npmjs.com/package/html-minifier-terser
someone forked html-minifier
this could be a quick win?
Any updates on this?
it appears the CVE-2022-37620 won't get fixed in the html-minify package, not maintained anymore as it appears, see https://github.com/kangax/html-minifier/issues/1135

One alternative would be to switch to https://github.com/posthtml/htmlnano.