feat: 🎸 sanitize HTML in createElement

AdamGold · AdamGold · commit 172c4809845b · 2020-07-09T16:17:34.000+03:00
diff --git a/src/modules/html.js b/src/modules/html.js
@@ -49,7 +49,7 @@
     var el = document.createElement(tagName);
     if (opt.className) el.className = opt.className;
     if (opt.innerHTML) {
-      el.innerHTML = opt.innerHTML;
+      el.innerHTML = DOMPurify.sanitize(opt.innerHTML);
       var scripts = el.getElementsByTagName("script");
       for (var i = scripts.length; i-- > 0; ) {
         scripts[i].parentNode.removeChild(scripts[i]);
diff --git a/src/node.js b/src/node.js
@@ -2,3 +2,4 @@ global.atob = require("atob");
 global.btoa = require("btoa");
 global.canvg = require("canvg");
 global.GifReader = require("omggif").GifReader;
+global.DOMPurify = require("dompurify")
