@locker/html-sanitizer powered by DOMPurify

Lightning Web Security HTML and SVG sanitization utilities

This package provides a set of utilities to facilitate the sanitization of HTML and SVG using DOMPurify.

Features

• Caching mechanism to store DOMPurify instances based on configuration objects. This avoids re-parsing the configuration object.
• Utility functions meant to facilitate working with predefined configuration objects required by Locker in various scenarios, i.e sanitization of SVG strings, sanitization of Blob HTML content strings, sanitization of strings that are to be usd with innerHTML, outerHTML etc.
• Hook for sanitizing SVG network resources (even if they are nested).

Upgrading DOMPurify

To upgrade DOMPurify, simply update the version number of the "dompurify" dependency in this package.json and the root package.json.

However, in production, Locker/LWS uses DOMPurify from Aura, and for this reason, the version of DOMPurify used by Locker/LWS in this repo must be kept in sync with the DOMPurify version in Aura.

Please see Aura's DOMPurify documentation for instructions on how to do that.