[ESD-13941] Implement a DOMPurify hook to enable target attributes on links #2006

Merged
merged 2 commits into from
Jun 11, 2021

Conversation

stevehobbsdev
Contributor

@stevehobbsdev stevehobbsdev commented Jun 10, 2021

Changes

This PR adds a hook for DOMPurify that allows elements that are sanitized
using DOMPurify.sanitize to have target="_blank" attributes, while also
adding rel="noopener noreferrer" to the same element to mitigate against
Tab Nabbing.

The implementation provided in this example serves our purposes, and has been integrated verbatim.

References

Fixes ESD-13941

Testing

  • This change adds unit test coverage
  • This change adds integration test coverage
  • This change has been tested on the latest version of the platform/language

Checklist

@stevehobbsdev stevehobbsdev added this to the vNext milestone Jun 11, 2021
@stevehobbsdev stevehobbsdev merged commit aee1e60 into master Jun 11, 2021
@stevehobbsdev stevehobbsdev deleted the esd-13941/dompurify-config branch June 11, 2021 13:21
@stevehobbsdev stevehobbsdev mentioned this pull request Jun 11, 2021
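
The hook described in this PR, sketched as an added example (not the code merged here and not DOMPurify's own): it keeps `target="_blank"` and forces `rel="noopener noreferrer"` on the same element, merging with any existing `rel` tokens. The names `hardenTarget`, `FakeElement` and `applyHook` are hypothetical, dropping every target other than `_blank` is an assumed policy, and it assumes the sanitizer is configured so that `target` reaches the hook (for example `ADD_ATTR: ['target']`).

```javascript
// Added example: hook logic only, runnable without a browser or DOMPurify.
const REQUIRED_REL = ['noopener', 'noreferrer'];

// Intended for DOMPurify.addHook('afterSanitizeAttributes', hardenTarget).
// Assumed policy: only target="_blank" survives; any other target is dropped.
function hardenTarget(node) {
  if (typeof node.hasAttribute !== 'function' || !node.hasAttribute('target')) {
    return node;
  }
  if (String(node.getAttribute('target')).trim().toLowerCase() !== '_blank') {
    node.removeAttribute('target');
    return node;
  }
  node.setAttribute('target', '_blank');
  // Merge with any author-supplied rel instead of overwriting it.
  const rel = new Set(
    String(node.getAttribute('rel') || '').toLowerCase().split(/\s+/).filter(Boolean)
  );
  rel.delete('opener'); // would re-enable window.opener
  REQUIRED_REL.forEach((token) => rel.add(token));
  node.setAttribute('rel', [...rel].join(' '));
  return node;
}

// Constructed stand-in for an element, exposing only the methods the hook uses.
class FakeElement {
  constructor(attrs) { this.attrs = new Map(Object.entries(attrs)); }
  hasAttribute(name) { return this.attrs.has(name); }
  getAttribute(name) { return this.attrs.has(name) ? this.attrs.get(name) : null; }
  setAttribute(name, value) { this.attrs.set(name, String(value)); }
  removeAttribute(name) { this.attrs.delete(name); }
}

// Run the hook over constructed attributes and return what is left.
function applyHook(attrs) {
  return Object.fromEntries(hardenTarget(new FakeElement(attrs)).attrs);
}

// Real registration, when DOMPurify is loaded on the page.
if (typeof DOMPurify !== 'undefined') {
  DOMPurify.addHook('afterSanitizeAttributes', hardenTarget);
}

// Constructed sample input.
console.log(applyHook({ href: 'https://example.com', target: '_blank', rel: 'nofollow opener' }));
```
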
Labels
review:small Small review
4 participants