feat: 🎸 sanitize HTML in createElement

parallax · Jul 9, 2020 · 172c480 · 172c480
1 parent f17e926
commit 172c480
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/src/modules/html.js b/src/modules/html.js
@@ -49,7 +49,7 @@
     var el = document.createElement(tagName);
     if (opt.className) el.className = opt.className;
     if (opt.innerHTML) {
-      el.innerHTML = opt.innerHTML;
+      el.innerHTML = DOMPurify.sanitize(opt.innerHTML);
       var scripts = el.getElementsByTagName("script");
       for (var i = scripts.length; i-- > 0; ) {
         scripts[i].parentNode.removeChild(scripts[i]);

diff --git a/src/node.js b/src/node.js
@@ -2,3 +2,4 @@ global.atob = require("atob");
 global.btoa = require("btoa");
 global.canvg = require("canvg");
 global.GifReader = require("omggif").GifReader;
+global.DOMPurify = require("dompurify")