diff --git a/plugins/talk-plugin-rich-text/server/DOMpurify.js b/plugins/talk-plugin-rich-text/server/DOMpurify.js new file mode 100644 index 000000000..faf45875e --- /dev/null +++ b/plugins/talk-plugin-rich-text/server/DOMpurify.js @@ -0,0 +1,12 @@ +const createDOMPurify = require('dompurify'); +const { JSDOM } = require('jsdom'); +const config = require('./config'); + +// Initializing JSDOM and DOMPurify +const window = new JSDOM('', config.jsdom).window; +const DOMPurify = createDOMPurify(window); + +// Setting our secure config +DOMPurify.setConfig(config.dompurify); + +module.exports = DOMPurify; diff --git a/plugins/talk-plugin-rich-text/server/hooks.js b/plugins/talk-plugin-rich-text/server/hooks.js index 81b41b9f0..cd4beac99 100644 --- a/plugins/talk-plugin-rich-text/server/hooks.js +++ b/plugins/talk-plugin-rich-text/server/hooks.js @@ -1,11 +1,5 @@ -const createDOMPurify = require('dompurify'); -const { JSDOM } = require('jsdom'); const { merge, get } = require('lodash'); -const config = require('./config'); - -// Initializing JSDOM and DOMPurify -const window = new JSDOM('', config.jsdom).window; -const DOMPurify = createDOMPurify(window); +const DOMPurify = require('./DOMPurify'); module.exports = { RootMutation: { @@ -14,7 +8,7 @@ module.exports = { // Let's sanitize the body const dirtyInput = input.htmlBody; - const cleanInput = DOMPurify.sanitize(dirtyInput, config.dompurify); + const cleanInput = DOMPurify.sanitize(dirtyInput); // Adding the clean body to the comment.metadata field input.metadata = merge(get(input, 'metadata'), { @@ -27,7 +21,7 @@ module.exports = { // Let's sanitize the body const dirtyInput = edit.htmlBody; - const cleanInput = DOMPurify.sanitize(dirtyInput, config.dompurify); + const cleanInput = DOMPurify.sanitize(dirtyInput); // Adding the clean body to the comment.metadata field edit.metadata = merge(get(edit, 'metadata'), {
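Review bot: The new module exports the configured DOMPurify instance itself, so any other importer can call `setConfig`, `clearConfig` or `addHook` on it and change the allowlist for every comment sanitised afterwards. Exporting only a wrapper, e.g. `module.exports = { sanitize: dirty => DOMPurify.sanitize(dirty) };`, keeps the policy in this one file and still satisfies the `DOMPurify.sanitize(dirtyInput)` call sites in hooks.js. The `// Setting our secure config` comment could also say that, as far as I know, DOMPurify ignores a config passed to `sanitize()` once `setConfig` has been called; that is worth confirming against the version pinned here.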
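Review bot: `require('./DOMPurify')` in the first hooks.js hunk does not match the file this commit adds, which the diff header names `server/DOMpurify.js` with a lowercase `p`. On a case-sensitive filesystem that require will not resolve, so the sanitising hooks would fail to load there even though the change works on a case-insensitive checkout. Either rename the file to `DOMPurify.js` or change the line to `const DOMPurify = require('./DOMpurify');`, and keep one spelling throughout.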
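Review bot: With the config argument dropped from `DOMPurify.sanitize(dirtyInput)` in this hunk and in the edit-path hunk after it, the policy applied to `htmlBody` is no longer visible at the call site and depends entirely on `setConfig` having run in the shared module. A one-line comment such as `// Allowlist comes from config.dompurify, applied once in ./DOMPurify` would make that explicit. A regression test that sends markup outside the allowlist through both hooks and asserts it is stripped would catch a silent fall back to DOMPurify's defaults. Both resolver bodies start and end outside their hunks.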