Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove HTML sanitizer #3956

Closed
iamareebjamal opened this issue Feb 1, 2020 · 7 comments · Fixed by #4390
Closed

Remove HTML sanitizer #3956

iamareebjamal opened this issue Feb 1, 2020 · 7 comments · Fixed by #4390
Labels
codeheat needs-info refactor
Milestone
Bug and Test Sprint

Comments

@iamareebjamal
Copy link
Member

iamareebjamal commented Feb 1, 2020
edited
Loading

https://github.com/apostrophecms/sanitize-html#browser

It is meant to be used in node servers. Not browsers. It takes up a huge chunk of bundle as well.

As written in the repo, think, why do you need to sanitize HTML on client? That is the job of server. Besides I believe, we shouldn't even be storing HTML in backend. It should store markup like markdown, not DOM (#2493). Most people are not using our rich descriptions feature and it is needlessly storing <p> tags in DB without any reason

Trigger Reason: We need to allow polyfills of node dependencies like path in order to include it in the build - embroider-build/ember-auto-import#224 (comment)
As ember-auto-import now correctly removes node builtins being polyfilled

Edit:
HTML-sanitizer has been relaced with dompurify

180 KB -> 16 KB

We still have to remove sanitization from frontend, its role of the backend
@adrijshikhar
Copy link
Contributor

@iamareebjamal i would like to work on this, can you help me out?

@iamareebjamal
Copy link
Member Author

You can start with beginner-friendly issues

@adrijshikhar
Copy link
Contributor

people have already called dibs on most the issues. i will still explore.

@iamareebjamal iamareebjamal mentioned this issue May 19, 2020
Merged
@iamareebjamal
Copy link
Member Author

HTML-sanitizer has been relaced with dompurify

180 KB -> 16 KB

Reopening to completely remove sanitizer from frontend

@iamareebjamal iamareebjamal reopened this May 19, 2020
@mariobehling mariobehling added this to the Bug and Test Sprint July milestone Jul 20, 2020
@Haider8
Copy link
Contributor

Haider8 commented Jul 28, 2020

@iamareebjamal Can I work on this?

@iamareebjamal
Copy link
Member Author

Not a priority now. Work on newly raised issues.

@maze-runnar
Copy link
Contributor

I am not finding any instance of html-sanitizer in the project currently. Feel free to reopen if you find something. @pc-beast @progmatic-99

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
codeheat needs-info refactor
Projects
None yet
Milestone
Bug and Test Sprint
Development

Successfully merging a pull request may close this issue.

chore: Replace html-sanitizer with dompurify iamareebjamal/open-event-frontend
5 participants
@mariobehling @iamareebjamal @adrijshikhar @Haider8 @maze-runnar