diff --git a/package-lock.json b/package-lock.json index 021cfa8bc..4c40a12fc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@redocly/openapi-core": "^1.4.0", "classnames": "^2.3.2", "decko": "^1.2.0", - "dompurify": "^3.0.6", + "dompurify": "^3.2.4", "eventemitter3": "^5.0.1", "json-pointer": "^0.6.2", "lunr": "^2.3.9", @@ -4124,10 +4124,11 @@ "dev": true }, "node_modules/@types/trusted-types": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.0.tgz", - "integrity": "sha512-I8MnZqNXsOLHsU111oHbn3khtvKMi5Bn4qVFsIWSJcCP1KKDiXX5AEw8UPk0nSopeC+Hvxt6yAy1/a5PailFqg==", - "dev": true + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz", + "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==", + "devOptional": true, + "license": "MIT" }, "node_modules/@types/webpack": { "version": "5.28.0", @@ -7559,9 +7560,13 @@ } }, "node_modules/dompurify": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.3.tgz", - "integrity": "sha512-5sOWYSNPaxz6o2MUPvtyxTTqR4D3L77pr5rUQoWgD5ROQtVIZQgJkXbo1DLlK3vj11YGw5+LnF4SYti4gZmwng==" + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.4.tgz", + "integrity": "sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==", + "license": "(MPL-2.0 OR Apache-2.0)", + "optionalDependencies": { + "@types/trusted-types": "^2.0.7" + } }, "node_modules/domutils": { "version": "2.7.0", @@ -22353,10 +22358,10 @@ "dev": true }, "@types/trusted-types": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.0.tgz", - "integrity": "sha512-I8MnZqNXsOLHsU111oHbn3khtvKMi5Bn4qVFsIWSJcCP1KKDiXX5AEw8UPk0nSopeC+Hvxt6yAy1/a5PailFqg==", - "dev": true + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz", + "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==", + "devOptional": true }, "@types/webpack": { "version": "5.28.0", @@ -24891,9 +24896,12 @@ } }, "dompurify": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.3.tgz", - "integrity": "sha512-5sOWYSNPaxz6o2MUPvtyxTTqR4D3L77pr5rUQoWgD5ROQtVIZQgJkXbo1DLlK3vj11YGw5+LnF4SYti4gZmwng==" + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.4.tgz", + "integrity": "sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==", + "requires": { + "@types/trusted-types": "^2.0.7" + } }, "domutils": { "version": "2.7.0", diff --git a/package.json b/package.json index 527c9d208..e646481c4 100644 --- a/package.json +++ b/package.json @@ -141,7 +141,7 @@ "@redocly/openapi-core": "^1.4.0", "classnames": "^2.3.2", "decko": "^1.2.0", - "dompurify": "^3.0.6", + "dompurify": "^3.2.4", "eventemitter3": "^5.0.1", "json-pointer": "^0.6.2", "lunr": "^2.3.9", diff --git a/src/components/Markdown/SanitizedMdBlock.tsx b/src/components/Markdown/SanitizedMdBlock.tsx index b05e5b50d..13bfec49f 100644 --- a/src/components/Markdown/SanitizedMdBlock.tsx +++ b/src/components/Markdown/SanitizedMdBlock.tsx @@ -6,11 +6,14 @@ import { StylingMarkdownProps } from './Markdown'; import { StyledMarkdownBlock } from './styled.elements'; import styled from 'styled-components'; +// Workaround for DOMPurify type issues (https://github.com/cure53/DOMPurify/issues/1034) +const dompurify = DOMPurify['default'] as DOMPurify.DOMPurify; + const StyledMarkdownSpan = styled(StyledMarkdownBlock)` display: inline; `; -const sanitize = (sanitize, html) => (sanitize ? DOMPurify.sanitize(html) : html); +const sanitize = (sanitize, html) => (sanitize ? dompurify.sanitize(html) : html); export function SanitizedMarkdownHTML({ inline,