How to parse `login_error_message` using dompurify
import DOMPurify from 'dompurify'; | |
// Make every link open in a new window by registering a hook that runs on each node
// once its attributes have been sanitized. The hook is installed on the imported
// DOMPurify instance, so it also applies to later sanitize() calls made through it.
DOMPurify.addHook('afterSanitizeAttributes', (element) => {
  // Elements that do not own a `target` property are left as they are. The test is on
  // the DOM property, so it is true for every <a>, even one whose HTML had no target attribute.
  if (!('target' in element)) {
    return;
  }

  element.setAttribute('target', '_blank');
  // rel="noopener noreferrer" keeps the newly opened page from receiving a window.opener
  // reference; see https://www.owasp.org/index.php/Reverse_Tabnabbing
  element.setAttribute('rel', 'noopener noreferrer');
});
// Then once you have a login_error_message value:
// sanitize it first, then write the sanitizer's output to the page unchanged. Editing or
// concatenating the string after sanitize() would put unsanitized markup in front of innerHTML.
const sanitizedLoginErrorMessage = DOMPurify.sanitize(login_error_message);

// getElementById returns null when no element has this id; the assignment below then throws.
const errorElement = document.getElementById('your-error-element');
errorElement.innerHTML = sanitizedLoginErrorMessage;
/**
 * In React you can pass the sanitized string to dangerouslySetInnerHTML.
 * React inserts __html as-is, so only the DOMPurify output should be used here:
 * <p
 *   dangerouslySetInnerHTML={{
 *     __html: sanitizedLoginErrorMessage,
 *   }}
 * />
 */