woocommerce/plugins/woocommerce-blocks/assets/js/utils/sanitize-html.ts

/**
 * External dependencies
 */
import DOMPurify from 'dompurify';

const ALLOWED_TAGS = [ 'a', 'b', 'em', 'i', 'strong', 'p', 'br' ];
const ALLOWED_ATTR = [ 'target', 'href', 'rel', 'name', 'download' ];

export const sanitizeHTML = (
	html: string,
	config?: { tags?: typeof ALLOWED_TAGS; attr?: typeof ALLOWED_ATTR }
) => {
	const tagsValue = config?.tags || ALLOWED_TAGS;
	const attrValue = config?.attr || ALLOWED_ATTR;

	return DOMPurify.sanitize( html, {
		ALLOWED_TAGS: tagsValue,
		ALLOWED_ATTR: attrValue,
	} );
};
Allow rendering HTML in shipping package names (https://github.com/woocommerce/woocommerce-blocks/pull/7147) * Allow renderiung HTML in shipping package names * Sanitize HTML to render * Create reusable util sanitizeHTML * Solve TS error * Remove __experimentalApplyCheckoutFilter 2022-09-26 16:16:44 +00:00			`/**`
			`* External dependencies`
			`*/`
Fix ESLint errors (https://github.com/woocommerce/woocommerce-blocks/pull/7556) * Add type to imports that need it * Add type to imports that need it * Fix the sanitize lint error * Include missing dep * Remove check from deps * bot: update checkstyle.xml Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> 2022-11-02 16:46:14 +00:00			`import DOMPurify from 'dompurify';`
Allow rendering HTML in shipping package names (https://github.com/woocommerce/woocommerce-blocks/pull/7147) * Allow renderiung HTML in shipping package names * Sanitize HTML to render * Create reusable util sanitizeHTML * Solve TS error * Remove __experimentalApplyCheckoutFilter 2022-09-26 16:16:44 +00:00
			`const ALLOWED_TAGS = [ 'a', 'b', 'em', 'i', 'strong', 'p', 'br' ];`
			`const ALLOWED_ATTR = [ 'target', 'href', 'rel', 'name', 'download' ];`

			`export const sanitizeHTML = (`
			`html: string,`
			`config?: { tags?: typeof ALLOWED_TAGS; attr?: typeof ALLOWED_ATTR }`
Fix use of sanitizeHTML (https://github.com/woocommerce/woocommerce-blocks/pull/7231) * Remove object from sanitizeHTML return value * Import sanitizeHTML from utils * Fix dangerously set inner HTML format * Update package-lock * Update package-lock * Update package-lock * Update @types/dompurify version Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com> 2022-10-05 09:59:38 +00:00			`) => {`
Allow rendering HTML in shipping package names (https://github.com/woocommerce/woocommerce-blocks/pull/7147) * Allow renderiung HTML in shipping package names * Sanitize HTML to render * Create reusable util sanitizeHTML * Solve TS error * Remove __experimentalApplyCheckoutFilter 2022-09-26 16:16:44 +00:00			`const tagsValue = config?.tags \|\| ALLOWED_TAGS;`
			`const attrValue = config?.attr \|\| ALLOWED_ATTR;`

Fix ESLint errors (https://github.com/woocommerce/woocommerce-blocks/pull/7556) * Add type to imports that need it * Add type to imports that need it * Fix the sanitize lint error * Include missing dep * Remove check from deps * bot: update checkstyle.xml Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> 2022-11-02 16:46:14 +00:00			`return DOMPurify.sanitize( html, {`
Fix use of sanitizeHTML (https://github.com/woocommerce/woocommerce-blocks/pull/7231) * Remove object from sanitizeHTML return value * Import sanitizeHTML from utils * Fix dangerously set inner HTML format * Update package-lock * Update package-lock * Update package-lock * Update @types/dompurify version Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com> 2022-10-05 09:59:38 +00:00			`ALLOWED_TAGS: tagsValue,`
			`ALLOWED_ATTR: attrValue,`
			`} );`
Allow rendering HTML in shipping package names (https://github.com/woocommerce/woocommerce-blocks/pull/7147) * Allow renderiung HTML in shipping package names * Sanitize HTML to render * Create reusable util sanitizeHTML * Solve TS error * Remove __experimentalApplyCheckoutFilter 2022-09-26 16:16:44 +00:00			`};`