use lib to santilize

KyberNetwork · Oct 3, 2023 · b1995cb · b1995cb
1 parent 8b7e1a9
commit b1995cb
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 2 deletions.
diff --git a/package.json b/package.json
@@ -85,6 +85,7 @@
     "crypto-js": "4.1.1",
     "d3": "^7.6.1",
     "dayjs": "^1.11.6",
+    "dompurify": "^3.0.6",
     "ethers": "^5.4.6",
     "events": "^3.3.0",
     "find-replacement-tx": "^1.2.3",
@@ -156,6 +157,7 @@
     "@types/big.js": "^6.0.0",
     "@types/crypto-js": "4.1.1",
     "@types/d3": "^7.1.0",
+    "@types/dompurify": "^3.0.3",
     "@types/mixpanel-browser": "^2.38.0",
     "@types/multicodec": "^1.0.0",
     "@types/node": "^13.13.52",
@@ -208,4 +210,4 @@
     "@lingui/core": "3.14.0",
     "@lingui/conf": "3.16.0"
   }
-}
+}
diff --git a/src/utils/string.ts b/src/utils/string.ts
@@ -1,4 +1,5 @@
 import { ChainId, Currency, Token } from '@kyberswap/ks-sdk-core'
+import DOMPurify from 'dompurify'
 import { parse } from 'querystring'
 
 import { NETWORKS_INFO, SUPPORTED_NETWORKS } from 'constants/networks'
@@ -34,7 +35,7 @@ export const shortString = (str: string | undefined, n: number) => {
 }
 
 export const escapeScriptHtml = (str: string) => {
-  return str.replace(/<.*?script.*?>.*?<\/.*?script.*?>/gim, '')
+  return DOMPurify.sanitize(str)
 }
 
 export const isEmailValid = (value: string | undefined) =>

diff --git a/yarn.lock b/yarn.lock
@@ -4613,6 +4613,13 @@
   dependencies:
     "@types/ms" "*"
 
+"@types/dompurify@^3.0.3":
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/@types/dompurify/-/dompurify-3.0.3.tgz#d34ba1cf4f8b8f2cbfe5d3118dc3b7d81858fa42"
+  integrity sha512-odiGr/9/qMqjcBOe5UhcNLOFHSYmKFOyr+bJ/Xu3Qp4k1pNPAlNLUVNNLcLfjQI7+W7ObX58EdD3H+3p3voOvA==
+  dependencies:
+    "@types/trusted-types" "*"
+
 "@types/estree@^1.0.0":
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.0.tgz#5fb2e536c1ae9bf35366eed879e827fa59ca41c2"
@@ -5056,6 +5063,11 @@
   resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-2.3.8.tgz#511fc1569cc32b0cf50941fe9f00bf70f94116bb"
   integrity sha512-7axfYN8SW9pWg78NgenHasSproWQee5rzyPVLC9HpaQSDgNArsnKJD88EaMfi4Pl48AyciO3agYCFqpHS1gLpg==
 
+"@types/trusted-types@*":
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.4.tgz#2b38784cd16957d3782e8e2b31c03bc1d13b4d65"
+  integrity sha512-IDaobHimLQhjwsQ/NMwRVfa/yL7L/wriQPMhw1ZJall0KX6E1oxk29XMDeilW5qTIg5aoiqf5Udy8U/51aNoQQ==
+
 "@types/trusted-types@^2.0.2":
   version "2.0.3"
   resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.3.tgz#a136f83b0758698df454e328759dbd3d44555311"
@@ -8879,6 +8891,11 @@ domhandler@^4.0.0, domhandler@^4.2.0, domhandler@^4.3.1:
   dependencies:
     domelementtype "^2.2.0"
 
+dompurify@^3.0.6:
+  version "3.0.6"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.0.6.tgz#925ebd576d54a9531b5d76f0a5bef32548351dae"
+  integrity sha512-ilkD8YEnnGh1zJ240uJsW7AzE+2qpbOUYjacomn3AvJ6J4JhKGSZ2nh4wUIXPZrEPppaCLx5jFe8T89Rk8tQ7w==
+
 domutils@^2.5.2, domutils@^2.8.0:
   version "2.8.0"
   resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.8.0.tgz#4437def5db6e2d1f5d6ee859bd95ca7d02048135"