From b1995cbf9a8433c593d67da3acf4dd95c04abb1f Mon Sep 17 00:00:00 2001
From: Danh
Date: Tue, 3 Oct 2023 21:58:08 +0700
Subject: [PATCH] use lib to santilize
---
 package.json | 4 +++-
 src/utils/string.ts | 3 ++-
 yarn.lock | 17 +++++++++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 819d521cbf..74887c4009 100644
--- a/package.json
+++ b/package.json
@@ -85,6 +85,7 @@
 "crypto-js": "4.1.1",
 "d3": "^7.6.1",
 "dayjs": "^1.11.6",
+ "dompurify": "^3.0.6",
 "ethers": "^5.4.6",
 "events": "^3.3.0",
 "find-replacement-tx": "^1.2.3",
@@ -156,6 +157,7 @@
 "@types/big.js": "^6.0.0",
 "@types/crypto-js": "4.1.1",
 "@types/d3": "^7.1.0",
+ "@types/dompurify": "^3.0.3",
 "@types/mixpanel-browser": "^2.38.0",
 "@types/multicodec": "^1.0.0",
 "@types/node": "^13.13.52",
@@ -208,4 +210,4 @@
 "@lingui/core": "3.14.0",
 "@lingui/conf": "3.16.0"
 }
-}
\ No newline at end of file
+}
diff --git a/src/utils/string.ts b/src/utils/string.ts
index 4e56993b2f..78bffa3dcf 100644
--- a/src/utils/string.ts
+++ b/src/utils/string.ts
@@ -1,4 +1,5 @@
 import { ChainId, Currency, Token } from '@kyberswap/ks-sdk-core'
+import DOMPurify from 'dompurify'
 import { parse } from 'querystring'
 import { NETWORKS_INFO, SUPPORTED_NETWORKS } from 'constants/networks'
@@ -34,7 +35,7 @@ export const shortString = (str: string | undefined, n: number) => {
 }
 export const escapeScriptHtml = (str: string) => {
- return str.replace(/<.*?script.*?>.*?<\/.*?script.*?>/gim, '')
+ return DOMPurify.sanitize(str)
 }
 export const isEmailValid = (value: string | undefined) =>
diff --git a/yarn.lock b/yarn.lock
index 430039ae3b..a4e14a88d9 100644
--- a/yarn.lock
+++ b/yarn.lock
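Review bot: In the second `src/utils/string.ts` hunk, `escapeScriptHtml` calls `DOMPurify.sanitize(str)` with the library's default policy, which removes script-execution vectors but still permits a broad allow-list (HTML plus SVG and MathML, including `<style>`, `<form>` and `<input>`), so sanitized content can still restyle the page or render look-alike form fields. The callers are not visible in this patch, so I would narrow the policy to the markup they actually need, e.g. `return DOMPurify.sanitize(str, { USE_PROFILES: { html: true }, FORBID_TAGS: ['style', 'form', 'input'] })`, or an explicit `ALLOWED_TAGS`/`ALLOWED_ATTR` list. The name still says "escape" while the function now returns sanitized HTML, so a doc comment such as `/** Sanitizes untrusted HTML with DOMPurify; the result is still markup and must be inserted unmodified into an HTML sink, not treated as escaped text. */` would help. DOMPurify also needs a DOM, so it is worth confirming that this shared util is never imported where `DOMPurify.isSupported` is false (tests or server-side rendering).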
@@ -4613,6 +4613,13 @@ dependencies: "@types/ms" "*" +"@types/dompurify@^3.0.3": + version "3.0.3" + resolved "https://registry.yarnpkg.com/@types/dompurify/-/dompurify-3.0.3.tgz#d34ba1cf4f8b8f2cbfe5d3118dc3b7d81858fa42" + integrity sha512-odiGr/9/qMqjcBOe5UhcNLOFHSYmKFOyr+bJ/Xu3Qp4k1pNPAlNLUVNNLcLfjQI7+W7ObX58EdD3H+3p3voOvA== + dependencies: + "@types/trusted-types" "*" + "@types/estree@^1.0.0": version "1.0.0" resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.0.tgz#5fb2e536c1ae9bf35366eed879e827fa59ca41c2" @@ -5056,6 +5063,11 @@ resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-2.3.8.tgz#511fc1569cc32b0cf50941fe9f00bf70f94116bb" integrity sha512-7axfYN8SW9pWg78NgenHasSproWQee5rzyPVLC9HpaQSDgNArsnKJD88EaMfi4Pl48AyciO3agYCFqpHS1gLpg== +"@types/trusted-types@*": + version "2.0.4" + resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.4.tgz#2b38784cd16957d3782e8e2b31c03bc1d13b4d65" + integrity sha512-IDaobHimLQhjwsQ/NMwRVfa/yL7L/wriQPMhw1ZJall0KX6E1oxk29XMDeilW5qTIg5aoiqf5Udy8U/51aNoQQ== + "@types/trusted-types@^2.0.2": version "2.0.3" resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.3.tgz#a136f83b0758698df454e328759dbd3d44555311" @@ -8879,6 +8891,11 @@ domhandler@^4.0.0, domhandler@^4.2.0, domhandler@^4.3.1: dependencies: domelementtype "^2.2.0" +dompurify@^3.0.6: + version "3.0.6" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.0.6.tgz#925ebd576d54a9531b5d76f0a5bef32548351dae" + integrity sha512-ilkD8YEnnGh1zJ240uJsW7AzE+2qpbOUYjacomn3AvJ6J4JhKGSZ2nh4wUIXPZrEPppaCLx5jFe8T89Rk8tQ7w== + domutils@^2.5.2, domutils@^2.8.0: version "2.8.0" resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.8.0.tgz#4437def5db6e2d1f5d6ee859bd95ca7d02048135"