diff --git a/packages/nicolium/package.json b/packages/nicolium/package.json index 34d2d1bc1..30b70c7ea 100644 --- a/packages/nicolium/package.json +++ b/packages/nicolium/package.json @@ -93,7 +93,7 @@ "intersection-observer": "^0.12.2", "intl-messageformat": "^11.1.2", "intl-pluralrules": "^2.0.1", - "isomorphic-dompurify": "^3.0.0", + "dompurify": "^3.3.2", "leaflet": "^1.9.4", "lexical": "^0.41.0", "line-awesome": "^1.3.0", diff --git a/packages/nicolium/src/components/preview-card.tsx b/packages/nicolium/src/components/preview-card.tsx index b27babad1..1067be89a 100644 --- a/packages/nicolium/src/components/preview-card.tsx +++ b/packages/nicolium/src/components/preview-card.tsx @@ -1,6 +1,6 @@ import { Link } from '@tanstack/react-router'; import clsx from 'clsx'; -import { sanitize } from 'isomorphic-dompurify'; +import DOMPurify from 'dompurify'; import { type MediaAttachment, type PreviewCard as CardEntity, @@ -71,7 +71,7 @@ interface IPreviewCardVideo { const PreviewCardVideo: React.FC = React.memo( React.forwardRef(({ card }, ref) => { - const html = sanitize(handleIframeUrl(card.html, card.url, card.provider_name), { + const html = DOMPurify.sanitize(handleIframeUrl(card.html, card.url, card.provider_name), { ADD_TAGS: ['iframe'], ADD_ATTR: ['allow', 'allowfullscreen', 'referrerpolicy'], }); diff --git a/packages/nicolium/src/components/statuses/parsed-content.tsx b/packages/nicolium/src/components/statuses/parsed-content.tsx index 438c8c5dc..d0a29eddc 100644 --- a/packages/nicolium/src/components/statuses/parsed-content.tsx +++ b/packages/nicolium/src/components/statuses/parsed-content.tsx @@ -1,10 +1,10 @@ +import DOMPurify from 'dompurify'; import parse, { Element, type HTMLReactParserOptions, domToReact, type DOMNode, } from 'html-react-parser'; -import { sanitize } from 'isomorphic-dompurify'; import groupBy from 'lodash/groupBy'; import minBy from 'lodash/minBy'; import React from 'react'; @@ -345,7 +345,7 @@ function parseContent( }; let content = parse( - sanitize(html, { ADD_ATTR: ['target'], USE_PROFILES: { html: true } }), + DOMPurify.sanitize(html, { ADD_ATTR: ['target'], USE_PROFILES: { html: true } }), options, ); diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index d309428a2..b2031b502 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -163,6 +163,9 @@ importers: detect-passive-events: specifier: ^2.0.3 version: 2.0.3 + dompurify: + specifier: ^3.3.2 + version: 3.3.2 emoji-datasource: specifier: 15.0.1 version: 15.0.1 @@ -196,9 +199,6 @@ importers: intl-pluralrules: specifier: ^2.0.1 version: 2.0.1 - isomorphic-dompurify: - specifier: ^3.0.0 - version: 3.0.0 leaflet: specifier: ^1.9.4 version: 1.9.4 @@ -3585,8 +3585,9 @@ packages: resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==} engines: {node: '>= 4'} - dompurify@3.3.1: - resolution: {integrity: sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==} + dompurify@3.3.2: + resolution: {integrity: sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==} + engines: {node: '>=20'} domutils@2.8.0: resolution: {integrity: sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==} @@ -4310,10 +4311,6 @@ packages: isexe@2.0.0: resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} - isomorphic-dompurify@3.0.0: - resolution: {integrity: sha512-5K+MYP7Nrg74+Bi+QmQGzQ/FgEOyVHWsN8MuJy5wYQxxBRxPnWsD25Tjjt5FWYhan3OQ+vNLubyNJH9dfG03lQ==} - engines: {node: ^20.19.0 || ^22.12.0 || >=24.0.0} - isomorphic.js@0.2.5: resolution: {integrity: sha512-PIeMbHqMt4DnUP3MA/Flc0HElYjMXArsw1qwJZcm9sqR8mq3l8NYizFMty0pWwE/tzIGH3EKK5+jes5mAr85yw==} @@ -9707,7 +9704,7 @@ snapshots: dependencies: domelementtype: 2.3.0 - dompurify@3.3.1: + dompurify@3.3.2: optionalDependencies: '@types/trusted-types': 2.0.7 @@ -10545,15 +10542,6 @@ snapshots: isexe@2.0.0: {} - isomorphic-dompurify@3.0.0: - dependencies: - dompurify: 3.3.1 - jsdom: 28.1.0 - transitivePeerDependencies: - - '@noble/hashes' - - canvas - - supports-color - isomorphic.js@0.2.5: {} isows@1.0.7(ws@8.19.0):