improvement: Call DomPurify.addHook only if it exists (#5428)

On server-side execution `dompurify` exports factory function instead of a purifier instance. Because of this, server-side code that imports SwaggerUI (e.g. via `swagger-ui-react`) fails, since `DomPurify.addHook` does not exist. This affects universal rendering apps which share code between client-side and server-side.
2020-06-16 01:37:52 +03:00
parent ca1b19a31b
commit 71d4e59505
1 changed files with 12 additions and 10 deletions
--- a/src/core/components/providers/markdown.jsx
+++ b/src/core/components/providers/markdown.jsx
@@ -5,16 +5,18 @@ import { linkify } from "remarkable/linkify"
 import DomPurify from "dompurify"
 import cx from "classnames"

-DomPurify.addHook("beforeSanitizeElements", function (current, ) {
-  // Attach safe `rel` values to all elements that contain an `href`,
-  // i.e. all anchors that are links.
-  // We _could_ just look for elements that have a non-self target,
-  // but applying it more broadly shouldn't hurt anything, and is safer.
-  if (current.href) {
-    current.setAttribute("rel", "noopener noreferrer")
-  }
-  return current
-})
+if (DomPurify.addHook) {
+  DomPurify.addHook("beforeSanitizeElements", function (current, ) {
+    // Attach safe `rel` values to all elements that contain an `href`,
+    // i.e. all anchors that are links.
+    // We _could_ just look for elements that have a non-self target,
+    // but applying it more broadly shouldn't hurt anything, and is safer.
+    if (current.href) {
+      current.setAttribute("rel", "noopener noreferrer")
+    }
+    return current
+  })
+}

 function Markdown({ source, className = "", getConfigs }) {
  if (typeof source !== "string") {