feat: 🎸 sanitize HTML in createElement

parallax · Jul 9, 2020 · d52b628 · d52b628
1 parent f17e926
commit d52b628
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 5 deletions.
diff --git a/src/modules/html.js b/src/modules/html.js
@@ -49,11 +49,7 @@
     var el = document.createElement(tagName);
     if (opt.className) el.className = opt.className;
     if (opt.innerHTML) {
-      el.innerHTML = opt.innerHTML;
-      var scripts = el.getElementsByTagName("script");
-      for (var i = scripts.length; i-- > 0; ) {
-        scripts[i].parentNode.removeChild(scripts[i]);
-      }
+      el.innerHTML = DOMPurify.sanitize(opt.innerHTML);
     }
     for (var key in opt.style) {
       el.style[key] = opt.style[key];

diff --git a/src/node.js b/src/node.js
@@ -2,3 +2,4 @@ global.atob = require("atob");
 global.btoa = require("btoa");
 global.canvg = require("canvg");
 global.GifReader = require("omggif").GifReader;
+global.DOMPurify = require("dompurify")