From 788f0f2451ef20456978ea95a9d61348478a3faf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Muhammed=20Tanr=C4=B1kulu?=
Date: Thu, 11 Jul 2024 17:21:06 +0200
Subject: [PATCH] add missing forbid tags config in sanitization (#49)
---
 package.json | 2 +-
 src/utils/getImageURI.ts | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 5175985..23129b3 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
- "version": "1.0.0-alpha.2.ethers.6",
+ "version": "1.0.0-alpha.3.ethers.6",
 "license": "MIT",
 "main": "dist/index.js",
 "module": "dist/index.esm.js",
diff --git a/src/utils/getImageURI.ts b/src/utils/getImageURI.ts
index f8716cf..40f83e9 100644
--- a/src/utils/getImageURI.ts
+++ b/src/utils/getImageURI.ts
@@ -71,7 +71,9 @@ function _sanitize(data: string, jsDomWindow?: any): Buffer {
 });
 // purges malicious scripting from svg content
- const cleanDOM = DOMPurify.sanitize(data);
+ const cleanDOM = DOMPurify.sanitize(data, {
+ FORBID_TAGS: ['a', 'area', 'base', 'iframe', 'link'],
+ });
 return Buffer.from(cleanDOM);
 }
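Review bot: The new `FORBID_TAGS` list in `_sanitize` is a denylist layered on DOMPurify's default profile, which as far as I know still admits HTML elements such as `form`, `input`, `button` and `style` that SVG image content has no need for, so markup outside the five named tags passes through unchanged. Since the comment above the call says the input is svg content, consider adding an allowlist next to it, e.g. `USE_PROFILES: { svg: true, svgFilters: true },`, provided no consumer depends on HTML inside `foreignObject` (not visible here). The list also deserves a one-line why-comment, such as `// drop navigation and external-resource elements: links, image maps, base URL override, frames`, and a regression test asserting that each forbidden tag is absent from the sanitized output. The body of `_sanitize` starts above this hunk, so the code before the `});` context line is not covered by this note.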