Revert "93963: Use sanitize-html instead of isomorphic-dompurifier"

samuelcambien · samuelcambien · commit 42608c6b09df · 2022-09-27T17:41:09.000+02:00
This reverts commit a789cb0.
diff --git a/src/app/shared/utils/markdown.pipe.ts b/src/app/shared/utils/markdown.pipe.ts
@@ -1,6 +1,6 @@
 import { Inject, InjectionToken, Pipe, PipeTransform } from '@angular/core';
 import MarkdownIt from 'markdown-it';
-import * as sanitizeHtml from 'sanitize-html';
+import * as DOMPurify from 'isomorphic-dompurify';
 import { DomSanitizer, SafeHtml } from '@angular/platform-browser';
 import { environment } from '../../../environments/environment';
 
@@ -46,38 +46,6 @@ export class MarkdownPipe implements PipeTransform {
     if (environment.markdown.mathjax) {
       md.use(await this.mathjax);
     }
-    return this.sanitizer.bypassSecurityTrustHtml(
-      sanitizeHtml(md.render(value), {
-        // sanitize-html doesn't let through SVG by default, so we extend its allowlists to cover MathJax SVG
-        allowedTags: [
-          ...sanitizeHtml.defaults.allowedTags,
-          'mjx-container', 'svg', 'g', 'path', 'rect', 'text'
-        ],
-        allowedAttributes: {
-          ...sanitizeHtml.defaults.allowedAttributes,
-          'mjx-container': [
-            'class', 'style', 'jax'
-          ],
-          svg: [
-            'xmlns', 'viewBox', 'style', 'width', 'height', 'role', 'focusable', 'alt', 'aria-label'
-          ],
-          g: [
-            'data-mml-node', 'style', 'stroke', 'fill', 'stroke-width', 'transform'
-          ],
-          path: [
-            'd', 'style', 'transform'
-          ],
-          rect: [
-            'width', 'height', 'x', 'y', 'transform', 'style'
-          ],
-          text: [
-            'transform', 'font-size'
-          ]
-        },
-        parser: {
-          lowerCaseAttributeNames: false,
-        },
-      })
-    );
+    return this.sanitizer.bypassSecurityTrustHtml(DOMPurify.sanitize(md.render(value)));
   }
 }
