feat(v-safe-html): Switch from sanitize-html to DOMpurify (!1636) · Merge requests · GitLab.org / gitlab-ui

Lukas 'ai-pi' Eipert requested to merge leipert-sanitize-dompurify into master Aug 10, 2020

What does this MR do?

feat(v-safe-html): Switch from sanitize-html to DOMpurify

DOMpurify is much smaller than sanitize-html, with the same capabilities, thus we are switching to it.

BREAKING CHANGE: v-safe-html extended API changed. Under the hood we are now using DOMpurify. Please refer to their API for upgrading: https://github.com/cure53/DOMPurify

Closes #905 (closed)

Does this MR meet the acceptance criteria?

Conformity

Code review guidelines.
GitLab UI's contributing guidlines.
If it changes a Pajamas-compliant component's look & feel, the MR has been reviewed by a UX designer.
If it changes GitLab UI's documentation guidelines, the MR has been reviewed by a Technical Writer.
If the MR changes a component's API, integration MR(s) have been opened in the following projects to ensure that the @gitlab/ui package can be upgraded quickly after the changes are released:
- GitLab: mr_url
- Customers Portal: mr_url
- Status Page: mr_url
Added the ~"component:*" label(s) if applicable.

Edited Aug 13, 2020 by Lukas 'ai-pi' Eipert

feat(v-safe-html): Switch from sanitize-html to DOMpurify

What does this MR do?

Does this MR meet the acceptance criteria?

Conformity

Merge request reports