
Stripes 953v2 - Export sanitize logic for usage at the module level. #79

Merged
merged 8 commits into from
Dec 10, 2024

Conversation

JohnC-80
Contributor

@JohnC-80 JohnC-80 commented Dec 9, 2024

This makes it possible to sanitize the value at the module level, before it enters the loop/value lifecycle of the form. This allows us to get in front of any malicious/problematic values that may be migrated directly to the backend and still uphold the UX of the editor.

The sanitize function requires the value (a string) and an optional override config for DOMPurify. The default configuration is adequate for handling the front-end capabilities of the editor.

import { sanitize } from 'stripes-template-editor';

const valueProp = sanitize(value);
// or, passing an override config for DOMPurify:
const valuePropWithOverride = sanitize(value, overrideConfig);

Future work - flat-out remove the built-in sanitization in TemplateEditor.js

Refs STRIPES-953
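The module-level usage described above, as an added example that is not code from stripes-template-editor: a small allowlist sanitizer stands in for DOMPurify so the example runs offline, and the wrapper follows the PR's pattern of a default SANITIZE_CONFIG, an optional override, and keeping the original value unless the sanitizer actually removed something. The default allowlist, the purify helper and the removed-count interpretation of "only use DOMPurify's output if it changed something" are assumptions.

```javascript
// Assumed default config; the real one is exported from the module's sanitizer.js.
const SANITIZE_CONFIG = {
  ALLOWED_TAGS: ['p', 'b', 'i', 'u', 'br', 'ul', 'ol', 'li', 'a'],
  ALLOWED_ATTR: ['href'],
};

// Stand-in for DOMPurify.sanitize (hypothetical, not the library): drops tags
// outside the allowlist, strips attributes outside the allowlist and javascript:
// hrefs, and counts what it removed. Regex based, so not a full HTML parser.
function purify(html, config) {
  const tags = new Set(config.ALLOWED_TAGS.map((t) => t.toLowerCase()));
  const attrs = new Set(config.ALLOWED_ATTR.map((a) => a.toLowerCase()));
  let removed = 0;
  // script/style go together with their contents, as DOMPurify does.
  let out = html.replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, () => {
    removed += 1;
    return '';
  });
  out = out.replace(/<\/?([a-zA-Z][\w-]*)([^>]*)>/g, (whole, name, rest) => {
    const tag = name.toLowerCase();
    if (!tags.has(tag)) { removed += 1; return ''; }
    if (whole.startsWith('</')) return whole;
    const kept = [];
    const attrRe = /([^\s=/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
    let m;
    while ((m = attrRe.exec(rest)) !== null) {
      const attr = m[1].toLowerCase();
      const val = m[2] ?? m[3] ?? m[4] ?? '';
      const bad = !attrs.has(attr) || (attr === 'href' && /^\s*javascript:/i.test(val));
      if (bad) { removed += 1; continue; }
      kept.push(`${attr}="${val.replace(/"/g, '&quot;')}"`);
    }
    return `<${tag}${kept.length ? ' ' + kept.join(' ') : ''}>`;
  });
  return { html: out, removed };
}

// Module-level sanitize(value, overrideConfig): run before the value enters the
// form's value lifecycle. Non-strings pass through untouched; a value the
// sanitizer did not have to change is returned as-is, so benign markup
// round-trips byte for byte.
function sanitize(value, overrideConfig) {
  if (typeof value !== 'string') return value;
  const { html, removed } = purify(value, { ...SANITIZE_CONFIG, ...overrideConfig });
  return removed === 0 ? value : html;
}
```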

@JohnC-80 JohnC-80 requested a review from zburke December 9, 2024 20:33
Member

@zburke zburke left a comment


Documentation 😍 I suggested a few copy edits that you can take or leave.

@JohnC-80 JohnC-80 merged commit 8071177 into master Dec 10, 2024
13 checks passed
@JohnC-80 JohnC-80 deleted the STRIPES-953v2 branch December 10, 2024 20:40
zburke pushed a commit that referenced this pull request Jan 14, 2025
…79)

* Only use DOMPurify's output if it changed something

* export sanitize functionality for the module level so that sanitization can happen prior to the form state loop

* actually add sanitizer.js

* rename export to SANITIZE_CONFIG, document module-level sanitization

* docs tweaks

* document return type

* Update CHANGELOG.md

(cherry picked from commit 8071177)
2 participants