improvement: sanitization via DOMPurify (#4513)

* swap `sanitize-html` for `dompurify` * set up node enzyme tests with jsdom dompurify, as the name suggests, needs a DOM or it won't work! * reconcile tests and sanitizer settings * remove obsolete sanitizeOptions * add `jsdom` dependency
2018-05-04 10:06:44 -07:00
parent 8055129dd2
commit 75747424cf
4 changed files with 37 additions and 25 deletions
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
    "test": "npm run lint-errors && npm run just-test-in-node",
    "test-in-node": "npm run lint-errors && npm run just-test-in-node",
    "just-test": "karma start --config karma.conf.js",
-    "just-test-in-node": "mocha --recursive --compilers js:babel-core/register test/core test/components test/bugs test/swagger-ui-dist-package test/xss",
+    "just-test-in-node": "mocha --require test/setup.js --recursive --compilers js:babel-core/register test/core test/components test/bugs test/swagger-ui-dist-package test/xss",
    "just-check-coverage": "nyc npm run just-test-in-node",
    "test-e2e": "sleep 3 && nightwatch test/e2e/scenarios/ --config test/e2e/nightwatch.json",
    "e2e-initial-render": "nightwatch test/e2e/scenarios/ --config test/e2e/nightwatch.json --group initial-render",
@@ -48,6 +48,7 @@
    "core-js": "^2.5.1",
    "css.escape": "1.5.1",
    "deep-extend": "0.4.1",
+    "dompurify": "^1.0.4",
    "expect": "1.20.2",
    "getbase": "^2.8.2",
    "ieee754": "^1.1.8",
@@ -80,7 +81,6 @@
    "redux-logger": "*",
    "remarkable": "^1.7.1",
    "reselect": "2.5.3",
-    "sanitize-html": "^1.14.1",
    "scroll-to-element": "^2.0.0",
    "serialize-error": "2.0.0",
    "shallowequal": "0.2.2",
@@ -119,6 +119,7 @@
    "file-loader": "0.11.2",
    "git-describe": "^4.0.1",
    "imports-loader": "0.7.1",
+    "jsdom": "^11.10.0",
    "json-loader": "0.5.4",
    "json-server": "^0.11.0",
    "karma": "^1.7.0",