chore: update dompurify to ^3.2.1

As [DOMPurify 3.2.0 added TypeScript types][1], this means that we can remove our dependency on the `@types/dompurify` package. [DOMPurify 3.2.0 also adds the `HTML_INTEGRATION_POINTS` option][2], which adds back support for `<foreignObject>`, [which broke in DOMPurify 3.1.7.][3] [1]: https://github.com/cure53/DOMPurify/releases/tag/3.2.0 [2]: e4caa67971 [3]: de2c05cd54
2025-01-14 06:43:25 +08:00 · 2024-11-25 16:32:22 +09:00 · 2024-11-25 16:32:22 +09:00 · fe3cffbb67
commit fe3cffbb67
parent 8328f74751
6 changed files with 19 additions and 24 deletions
--- a/.changeset/neat-rabbits-bake.md
+++ b/.changeset/neat-rabbits-bake.md
@ -0,0 +1,5 @@
+---
+'mermaid': patch
+---
+
+Bump dompurify to `^3.2.1`. This removes the need for `@types/dompurify`.
--- a/packages/mermaid/package.json
+++ b/packages/mermaid/package.json
@ -71,7 +71,6 @@
    "@iconify/utils": "^2.1.32",
    "@mermaid-js/parser": "workspace:^",
    "@types/d3": "^7.4.3",
-    "@types/dompurify": "^3.0.5",
    "cytoscape": "^3.29.2",
    "cytoscape-cose-bilkent": "^4.1.0",
    "cytoscape-fcose": "^2.2.0",
@ -79,7 +78,7 @@
    "d3-sankey": "^0.12.3",
    "dagre-d3-es": "7.0.11",
    "dayjs": "^1.11.10",
-    "dompurify": "^3.0.11 <3.1.7",
+    "dompurify": "^3.2.1",
    "katex": "^0.16.9",
    "khroma": "^2.1.0",
    "lodash-es": "^4.17.21",
--- a/packages/mermaid/src/diagrams/common/common.ts
+++ b/packages/mermaid/src/diagrams/common/common.ts
@ -32,14 +32,14 @@ const setupDompurifyHooksIfNotSetup = (() => {
 function setupDompurifyHooks() {
  const TEMPORARY_ATTRIBUTE = 'data-temp-href-target';

-  DOMPurify.addHook('beforeSanitizeAttributes', (node: Element) => {
-    if (node.tagName === 'A' && node.hasAttribute('target')) {
+  DOMPurify.addHook('beforeSanitizeAttributes', (node) => {
+    if (node instanceof Element && node.tagName === 'A' && node.hasAttribute('target')) {
      node.setAttribute(TEMPORARY_ATTRIBUTE, node.getAttribute('target') ?? '');
    }
  });

-  DOMPurify.addHook('afterSanitizeAttributes', (node: Element) => {
-    if (node.tagName === 'A' && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
+  DOMPurify.addHook('afterSanitizeAttributes', (node) => {
+    if (node instanceof Element && node.tagName === 'A' && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
      node.setAttribute('target', node.getAttribute(TEMPORARY_ATTRIBUTE) ?? '');
      node.removeAttribute(TEMPORARY_ATTRIBUTE);
      if (node.getAttribute('target') === '_blank') {
@ -83,7 +83,6 @@ export const sanitizeText = (text: string, config: MermaidConfig): string => {
    return text;
  }
  if (config.dompurifyConfig) {
-    // eslint-disable-next-line @typescript-eslint/no-base-to-string
    text = DOMPurify.sanitize(sanitizeMore(text, config), config.dompurifyConfig).toString();
  } else {
    text = DOMPurify.sanitize(sanitizeMore(text, config), {
--- a/packages/mermaid/src/mermaidAPI.ts
+++ b/packages/mermaid/src/mermaidAPI.ts
@ -455,6 +455,7 @@ const render = async function (
    svgCode = DOMPurify.sanitize(svgCode, {
      ADD_TAGS: DOMPURIFY_TAGS,
      ADD_ATTR: DOMPURIFY_ATTR,
+      HTML_INTEGRATION_POINTS: { foreignobject: true },
    });
  }

--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -226,9 +226,6 @@ importers:
      '@types/d3':
        specifier: ^7.4.3
        version: 7.4.3
-      '@types/dompurify':
-        specifier: ^3.0.5
-        version: 3.0.5
      cytoscape:
        specifier: ^3.29.2
        version: 3.30.2
@ -251,8 +248,8 @@ importers:
        specifier: ^1.11.10
        version: 1.11.13
      dompurify:
-        specifier: ^3.0.11 <3.1.7
-        version: 3.1.6
+        specifier: ^3.2.1
+        version: 3.2.1
      katex:
        specifier: ^0.16.9
        version: 0.16.11
@ -2768,9 +2765,6 @@ packages:
  '@types/debug@4.1.12':
    resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}

-  '@types/dompurify@3.0.5':
-    resolution: {integrity: sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==}
-
  '@types/estree@0.0.39':
    resolution: {integrity: sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw==}

@ -4720,8 +4714,8 @@ packages:
    resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==}
    engines: {node: '>= 4'}

-  dompurify@3.1.6:
-    resolution: {integrity: sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==}
+  dompurify@3.2.1:
+    resolution: {integrity: sha512-NBHEsc0/kzRYQd+AY6HR6B/IgsqzBABrqJbpCDQII/OK6h7B7LXzweZTDsqSW2LkTRpoxf18YUP+YjGySk6B3w==}

  domutils@3.1.0:
    resolution: {integrity: sha512-H78uMmQtI2AhgDJjWeQmHwJJ2bLPD3GMmO7Zja/ZZh84wkm+4ut+IUnUdRa8uCGX88DiVx1j6FRe1XfxEgjEZA==}
@ -12125,10 +12119,6 @@ snapshots:
    dependencies:
      '@types/ms': 0.7.34

-  '@types/dompurify@3.0.5':
-    dependencies:
-      '@types/trusted-types': 2.0.7
-
  '@types/estree@0.0.39': {}

  '@types/estree@1.0.6': {}
@ -12970,7 +12960,7 @@ snapshots:
      antlr4: 4.11.0
      color-string: 1.9.1
      dom-to-image-more: 2.16.0
-      dompurify: 3.1.6
+      dompurify: 3.2.1
      file-saver: 2.0.5
      highlight.js: 10.7.3
      html-to-image: 1.11.11
@ -14509,7 +14499,9 @@ snapshots:
    dependencies:
      domelementtype: 2.3.0

-  dompurify@3.1.6: {}
+  dompurify@3.2.1:
+    optionalDependencies:
+      '@types/trusted-types': 2.0.7

  domutils@3.1.0:
    dependencies:
--- a/scripts/tsc-check.ts
+++ b/scripts/tsc-check.ts
@ -38,7 +38,6 @@ const SRC = {
          // to match the real `package.json` values
          'type-fest': '*',
          '@types/d3': '^7.4.3',
-          '@types/dompurify': '^3.0.5',
          typescript: '*',
        },
      },