IDrumsey
Reputation: 115
Which DOMPurify isSupported should I use?
I'm using DOMPurify with Node.js.
Code from here
import { JSDOM } from 'jsdom';
import DOMPurify from 'dompurify';
const window = new JSDOM('').window;
const purify = DOMPurify(window);
const clean = purify.sanitize('<b>hello there</b>');
console.log(DOMPurify.isSupported) // -> false
console.log(purify.isSupported) // -> true
I'm guessing purify.isSupported is the value I should be checking since I'm using node like this. Can I just ignore DOMPurify.isSupported?
I'm assuming DOMPurify.isSupported doesn't matter since I'm using purify to sanitize. Is that correct?
Call me paranoid, just want to avoid XSS.
Upvotes: 0
Views: 540
Answers (1)
Konrad
Reputation: 24681
In the source code, you can see that DOMPurify.isSupported is always false
if (!window || !window.document || window.document.nodeType !== 9) {
// Not running in a browser, provide a factory function
// so that you can pass your own Window
DOMPurify.isSupported = false;
return DOMPurify;
}
Upvotes: 0
Related Questions
- When to use NodeIterator
- In React SharePoint WebPart what are the differences between using 'html-react-parser' & using 'dompurify eslint-plugin-risxss' to securely show HTML
- NodeJS require all modules in one file, good practice?
- Advantages to DOMParser vs template & innerHTML
- Use Browserify and Uglify with Babelify
- how to serve node.js code for browsers with automatic browserify+uglify
- RequireJs VS Browserify which one is best for JS optimization
- Browserify uglify via node script or command line?
- Using Node.js modules in HTML
- Preferred DOM library for parsing html pages with node.js?