feat: use dompurify to escape text ordinals

2026-04-29 05:05:32 +08:00 · 2023-03-13 10:11:15 +00:00
parent 43d105f2dc
commit a98791ff1b
3 changed files with 21 additions and 1 deletions
--- a/package.json
+++ b/package.json
@@ -176,6 +176,7 @@
    "coinselect": "3.1.13",
    "compare-versions": "4.1.3",
    "dayjs": "1.11.7",
+    "dompurify": "3.0.1",
    "downshift": "6.1.7",
    "ecdsa-sig-formatter": "1.0.11",
    "formik": "2.2.9",
@@ -235,6 +236,7 @@
    "@types/argon2-browser": "1.18.1",
    "@types/chroma-js": "2.1.4",
    "@types/chrome": "0.0.211",
+    "@types/dompurify": "2.4.0",
    "@types/download": "8.0.2",
    "@types/expect-puppeteer": "5.0.2",
    "@types/html-webpack-plugin": "3.2.6",
--- a/src/app/features/collectibles/components/collectible-text.layout.tsx
+++ b/src/app/features/collectibles/components/collectible-text.layout.tsx
@@ -1,4 +1,5 @@
 import { Box, Text } from '@stacks/ui';
+import { sanitize } from 'dompurify';

 import { useTextInscriptionContentQuery } from '@app/query/bitcoin/ordinals/use-text-ordinal-content.query';

@@ -35,7 +36,7 @@ export function CollectibleTextLayout(props: CollectibleTextLayoutProps) {
        backgroundImage: 'linear-gradient(rgba(0,0,0,0), rgba(0,0,0,1))',
      }}
    >
-      <Text>{query.data}</Text>
+      <Text>{sanitize(query.data)}</Text>
    </Box>
  );
 }
--- a/yarn.lock
+++ b/yarn.lock
@@ -5357,6 +5357,13 @@
  dependencies:
    "@types/node" "*"

+"@types/dompurify@2.4.0":
+  version "2.4.0"
+  resolved "https://registry.yarnpkg.com/@types/dompurify/-/dompurify-2.4.0.tgz#fd9706392a88e0e0e6d367f3588482d817df0ab9"
+  integrity sha512-IDBwO5IZhrKvHFUl+clZxgf3hn2b/lU6H1KaBShPkQyGJUQ0xwebezIPSuiyGwfz1UzJWQl4M7BDxtHtCCPlTg==
+  dependencies:
+    "@types/trusted-types" "*"
+
 "@types/download@8.0.2":
  version "8.0.2"
  resolved "https://registry.yarnpkg.com/@types/download/-/download-8.0.2.tgz#2ef0a8b19caec152b51a2efe2e99a6795dcf1ec2"
@@ -5890,6 +5897,11 @@
  resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.2.tgz#6286b4c7228d58ab7866d19716f3696e03a09397"
  integrity sha512-Q5vtl1W5ue16D+nIaW8JWebSSraJVlK+EthKn7e7UcD4KWsaSJ8BqGPXNaPghgtcn/fhvrN17Tv8ksUsQpiplw==

+"@types/trusted-types@*":
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.3.tgz#a136f83b0758698df454e328759dbd3d44555311"
+  integrity sha512-NfQ4gyz38SL8sDNrSixxU2Os1a5xcdFxipAFxYEuLUlvU2uDwS4NUpsImcf1//SlWItCVMMLiylsxbmNMToV/g==
+
 "@types/uglify-js@*":
  version "3.17.1"
  resolved "https://registry.yarnpkg.com/@types/uglify-js/-/uglify-js-3.17.1.tgz#e0ffcef756476410e5bce2cb01384ed878a195b5"
@@ -9123,6 +9135,11 @@ domhandler@^5.0.1, domhandler@^5.0.2, domhandler@^5.0.3:
  dependencies:
    domelementtype "^2.3.0"

+dompurify@3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.0.1.tgz#a0933f38931b3238934dd632043b727e53004289"
+  integrity sha512-60tsgvPKwItxZZdfLmamp0MTcecCta3avOhsLgPZ0qcWt96OasFfhkeIRbJ6br5i0fQawT1/RBGB5L58/Jpwuw==
+
 domutils@^2.5.2, domutils@^2.8.0:
  version "2.8.0"
  resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.8.0.tgz#4437def5db6e2d1f5d6ee859bd95ca7d02048135"