diff --git a/package.json b/package.json
index 1dba97c2..ed457688 100644
--- a/package.json
+++ b/package.json
@@ -40,6 +40,7 @@
 "@electron/fuses": "^1.5.0",
 "@reforged/maker-appimage": "^1.0.2",
 "@tsconfig/node16-strictest": "^1.0.0",
+ "@types/dompurify": "^2.3.3",
 "@types/marked": "^4.0.2",
 "@types/node": "^18.6.4",
 "@types/semver": "^7.3.9",
diff --git a/sources/code/common/global.ts b/sources/code/common/global.ts
index 831613b4..aae455c6 100644
--- a/sources/code/common/global.ts
+++ b/sources/code/common/global.ts
@@ -2,16 +2,6 @@
 * Global.ts – non-Electron depending globally-used module declarations
 */
-import { sanitize as dompurify } from "dompurify";
-
-/** Type safe wrapper around DOMPurify. */
-export function sanitize(html: string, cfg: unknown): string {
- const sanitizedValue:unknown = dompurify(html,cfg);
- if(typeof sanitizedValue !== "string")
- throw new TypeError("Sanitizer returned a non-string value!");
- return sanitizedValue;
-}
-
 /**
 * Outputs a fancy log message in the (DevTools) console.
 *
diff --git a/sources/code/renderer/preload/about.ts b/sources/code/renderer/preload/about.ts
index 709368f1..b130ac3d 100644
--- a/sources/code/renderer/preload/about.ts
+++ b/sources/code/renderer/preload/about.ts
@@ -1,10 +1,11 @@
 import { ipcRenderer as ipc } from "electron/renderer";
-import { buildInfo, sanitize, sanitizeConfig } from "../../common/global";
+import { buildInfo, sanitizeConfig } from "../../common/global";
 import { getAppPath, getAppHash } from "../../common/modules/electron";
 import { resolve } from "path";
 import L10N from "../../common/modules/l10n";
 import packageJson, { PackageJSON, Person } from "../../common/modules/package";
 import { createHash } from "crypto";
+import { sanitize } from "dompurify";
 import { appInfo, defaultBuildInfo } from "../../common/modules/client";
 /**
diff --git a/sources/code/renderer/preload/docs.ts b/sources/code/renderer/preload/docs.ts
index 718f47ad..394a3163 100644
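Review bot: Nothing at runtime now guarantees that `sanitize` returns a string in sources/code/renderer/preload/about.ts: the import added in this hunk binds DOMPurify directly, and the TypeError guard of the removed wrapper in common/global.ts is gone. The call sites are outside this import-only hunk, but `sanitizeConfig` is still imported here and in settings.ts, so a config is presumably still passed somewhere. From then on the string result rests only on the overload the compiler selects from the typings added in package.json, and a loosely typed config or an `as string` cast at the sink would hide a DOM-node return. I would record the constraint next to the import, e.g. `// sanitize() results go to innerHTML: never pass RETURN_DOM, RETURN_DOM_FRAGMENT or RETURN_TRUSTED_TYPE`, and confirm that `sanitizeConfig` is declared with DOMPurify's `Config` type.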
--- a/sources/code/renderer/preload/docs.ts
+++ b/sources/code/renderer/preload/docs.ts
@@ -1,8 +1,9 @@
 import { marked } from "marked";
+import { sanitize } from "dompurify";
 import { basename, relative, resolve } from "path";
 import { existsSync, readFileSync } from "fs";
 import { pathToFileURL, fileURLToPath } from "url";
-import { protocols, sanitize } from "../../common/global";
+import { protocols } from "../../common/global";
 import * as _hljsmodule from "highlight.js";
 const htmlFileUrl = document.URL;
@@ -40,7 +41,7 @@ function getId(url:string) {
 }
 function loadMarkdown(mdBody: HTMLElement, mdFile: string) {
- mdBody.innerHTML = sanitize(marked.parse(readFileSync(mdFile).toString()), {});
+ mdBody.innerHTML = sanitize(marked.parse(readFileSync(mdFile).toString()));
 }
 function setBody(mdBody: HTMLElement, mdHeader: HTMLElement, mdFile: string, mdArticle: HTMLElement) {
diff --git a/sources/code/renderer/preload/settings.ts b/sources/code/renderer/preload/settings.ts
index d8c9cdc0..869fd4c0 100644
--- a/sources/code/renderer/preload/settings.ts
+++ b/sources/code/renderer/preload/settings.ts
@@ -5,7 +5,8 @@ import { ipcRenderer } from "electron/renderer";
 import type { htmlConfig } from "../../main/windows/settings";
 import type { ConfigElement } from "../../main/modules/config";
 import { getBuildInfo } from "../../common/modules/client";
-import { wLog, sanitize, sanitizeConfig, knownInstancesList } from "../../common/global";
+import { wLog, sanitizeConfig, knownInstancesList } from "../../common/global";
+import { sanitize } from "dompurify";
 type keys = (o:T) => (keyof T)[];
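Review bot: In sources/code/renderer/preload/docs.ts, `loadMarkdown` fills `mdBody.innerHTML` through DOMPurify's default allow-list, which also admits SVG and MathML markup that rendered Markdown does not need. This preload imports `fs` and `path`, so it appears to run with Node access, and as far as the hunk shows the sanitizer is the only filter between the file content and the DOM. Narrowing the call to the HTML profile keeps the result a string and shrinks what can reach the page: `mdBody.innerHTML = sanitize(marked.parse(readFileSync(mdFile).toString()), { USE_PROFILES: { html: true } });`. Where `mdFile` comes from is not visible here, so whether it is confined to the bundled documentation has to be checked in the caller.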
@@ -68,9 +69,9 @@ function generateSettings(optionsGroups: htmlConfig) {
 const pDesc = document.createElement("p");
 const formContainer = document.createElement("form");
- h2.innerHTML = sanitize(setting.name, {});
+ h2.innerHTML = sanitize(setting.name);
 pDesc.classList.add("description");
- pDesc.innerHTML = sanitize(setting.description, {} as unknown);
+ pDesc.innerHTML = sanitize(setting.description);
 formContainer.classList.add("settingsContainer");
 if("radio" in setting) {
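Review bot: The two sinks in `generateSettings` (sources/code/renderer/preload/settings.ts), `h2.innerHTML` and `pDesc.innerHTML`, are sanitized with DOMPurify's defaults although this file imports `sanitizeConfig`. If that config is the project's restricted allow-list, passing it here puts these strings under the same policy as the other sanitized output: `pDesc.innerHTML = sanitize(setting.description, sanitizeConfig);`. For the heading, `h2.textContent = setting.name;` removes the HTML sink altogether, provided option names never carry markup. Neither `sanitizeConfig` nor the origin of `setting` is visible in this hunk, and the body of `generateSettings` continues outside it.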