
Commit 76ebf39

fix: isomorphic dompurify #8301
1 parent 67dfe91 commit 76ebf39


5 files changed

+393
-14
lines changed


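--- a/apps/live/package.json
+++ b/apps/live/package.json
@@ -32,7 +32,6 @@
 "@hocuspocus/transformer": "2.15.2",
 "@plane/decorators": "workspace:*",
 "@plane/editor": "workspace:*",
-"@plane/utils": "workspace:*",
 "@plane/logger": "workspace:*",
 "@plane/types": "workspace:*",
 "@sentry/node": "catalog:",
@@ -46,6 +45,7 @@
 "express-ws": "^5.0.2",
 "helmet": "^7.1.0",
 "ioredis": "5.7.0",
+"isomorphic-dompurify": "^1.8.0",
 "uuid": "catalog:",
 "ws": "^8.18.3",
 "y-prosemirror": "^1.3.7",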

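--- a/apps/live/src/extensions/title-update/title-utils.ts
+++ b/apps/live/src/extensions/title-update/title-utils.ts
@@ -1,4 +1,14 @@
-import { sanitizeHTML } from "@plane/utils";
+import DOMPurify from "isomorphic-dompurify";
+
+/**
+* Sanitizes HTML by removing all HTML tags, leaving only text content
+* @param htmlString - The HTML string to sanitize
+* @returns The sanitized text with all HTML tags removed
+*/
+const sanitizeHTML = (htmlString: string): string => {
+const sanitizedText = DOMPurify.sanitize(htmlString, { ALLOWED_TAGS: [] }); // sanitize the string to remove all HTML tags
+return sanitizedText.trim(); // trim the string to remove leading and trailing whitespaces
+};
 
 /**
 * Utility function to extract text from HTML content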
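Review bot: The new sanitizeHTML returns DOMPurify's serialized output rather than decoded text, so character references survive the tag stripping — an input like `<p>A &amp; B</p>` comes back as `A &amp; B`, and a title containing a literal ampersand or angle bracket is kept in its escaped form, which the docstring's "leaving only text content" overstates. I would extend the docstring with `* Note: the result is still HTML-serialized; entities such as &amp; are not decoded.` so callers that display the title as plain text know to decode it first. The same two-line helper is added verbatim to packages/editor/src/core/helpers/yjs-utils.ts in this commit; since apps/live already depends on @plane/editor, exporting it once from there would keep the two copies from drifting.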

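--- a/packages/editor/package.json
+++ b/packages/editor/package.json
@@ -66,6 +66,7 @@
 "emoji-regex": "^10.3.0",
 "highlight.js": "^11.8.0",
 "is-emoji-supported": "^0.0.5",
+"isomorphic-dompurify": "^1.8.0",
 "jsx-dom-cjs": "^8.0.3",
 "linkifyjs": "^4.3.2",
 "lowlight": "^3.0.0",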

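--- a/packages/editor/src/core/helpers/yjs-utils.ts
+++ b/packages/editor/src/core/helpers/yjs-utils.ts
@@ -11,7 +11,7 @@ import {
 DocumentEditorExtensionsWithoutProps,
 } from "@/extensions/core-without-props";
 import { TitleExtensions } from "@/extensions/title-extension";
-import { sanitizeHTML } from "@plane/utils";
+import DOMPurify from "isomorphic-dompurify";
 
 // editor extension configs
 const RICH_TEXT_EDITOR_EXTENSIONS = CoreEditorExtensionsWithoutProps;
@@ -207,8 +207,9 @@ export const convertHTMLDocumentToAllFormats = (args: TConvertHTMLDocumentToAllF
 };
 
 export const extractTextFromHTML = (html: string): string => {
-// Use sanitizeHTML to safely extract text and remove all HTML tags
+// Use DOMPurify to safely extract text and remove all HTML tags
 // This is more secure than regex as it handles edge cases and prevents injection
 // Note: sanitizeHTML trims whitespace, which is acceptable for title extraction
-return sanitizeHTML(html) || "";
+const sanitizedText = DOMPurify.sanitize(html, { ALLOWED_TAGS: [] }); // sanitize the string to remove all HTML tags
+return sanitizedText.trim() || ""; // trim the string to remove leading and trailing whitespaces
 };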
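Review bot: The context comment kept at new-side line 212, `// Note: sanitizeHTML trims whitespace, which is acceptable for title extraction`, still names the sanitizeHTML helper whose import this commit removes from the file; the trim is now done inline, so it should read `// Note: the result is trimmed, which is acceptable for title extraction`. The `|| ""` on the new return line is also redundant now that `.trim()` is called directly — `String.prototype.trim` always yields a string and an empty string maps to `""` either way — so `return sanitizedText.trim();` is equivalent and clearer. The function body is entirely within the hunk.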
