feat(GlSafeHtmlDirective): Add directive to sanitize html (!1413) · Merge requests · GitLab.org / gitlab-ui

You need to sign in or sign up before continuing.

Dheeraj Joshi requested to merge safe-html into master May 18, 2020

~~Please don't merge this MR until gitlab!31928 (comment 347466020) [LICENCE Approval] get resolved~~

What does this MR do?

This adds a new directive GlSafeHtmlDirective which allows you to sanitize html in Vue

It is basically a safer (secure) version of v-html
The provided HTML is passed to ~~dompurify~~ available HTML sanitizer before it's interpreted.

✅ (Not required now)

Adds a new dependency dompurify (v2.0.11, "MPL-2.0 OR Apache-2.0"), and it should be good as per this.

Also, there is an MR in Gitlab which is going to add the same dependency - gitlab!31928 (merged)

Code review guidelines.
GitLab UI's contributing guidlines.
If it changes a Pajamas-compliant component's look & feel, the MR has been reviewed by a UX designer.
If it changes GitLab UI's documentation guidelines, the MR has been reviewed by a Technical Writer.
If the MR changes a component's API, integration MR(s) have been opened in the following projects to ensure that the @gitlab/ui package can be upgraded quickly after the changes are released:
- GitLab: mr_url
- Customers Portal: mr_url
- Status Page: mr_url
Added the ~"component:*" label(s) if applicable.

Edited Jul 20, 2020 by Dheeraj Joshi