TechQA.

Which DOMPurify isSupported should I use?

310 views Asked by At

I'm using DOMPurify with Node.js.

Code from here

import { JSDOM } from 'jsdom';
import DOMPurify from 'dompurify';

const window = new JSDOM('').window;
const purify = DOMPurify(window);
const clean = purify.sanitize('<b>hello there</b>');

console.log(DOMPurify.isSupported) // -> false
console.log(purify.isSupported) // -> true

I'm guessing purify.isSupported is the value I should be checking since I'm using node like this. Can I just ignore DOMPurify.isSupported?

I'm assuming DOMPurify.isSupported doesn't matter since I'm using purify to sanitize. Is that correct?

Call me paranoid, just want to avoid XSS.

node.js dompurify
Original Q&A
1

There are 1 answers

0
Konrad On BEST ANSWER

In the source code, you can see that DOMPurify.isSupported is always false

if (!window || !window.document || window.document.nodeType !== 9) {
  // Not running in a browser, provide a factory function
  // so that you can pass your own Window
  DOMPurify.isSupported = false;

  return DOMPurify;
}

Related Questions in NODE.JS

Related Questions in DOMPURIFY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions