I'm using DOMPurify with Node.js.
Code from here:

```javascript
import { JSDOM } from 'jsdom';
import DOMPurify from 'dompurify';

const window = new JSDOM('').window;
const purify = DOMPurify(window);
const clean = purify.sanitize('<b>hello there</b>');

console.log(DOMPurify.isSupported) // -> false
console.log(purify.isSupported) // -> true
```
I'm guessing `purify.isSupported` is the value I should be checking since I'm using Node like this. Can I just ignore `DOMPurify.isSupported`?

I'm assuming `DOMPurify.isSupported` doesn't matter since I'm using `purify` to sanitize. Is that correct?
Call me paranoid, just want to avoid XSS.
In the source code, you can see that `DOMPurify.isSupported` is always false:

```javascript
if (!window || !window.document || window.document.nodeType !== 9) {
  // Not running in a browser, provide a factory function
  // so that you can pass your own Window
  DOMPurify.isSupported = false;
  return DOMPurify;
}
```
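A fail-closed way to wire up the check discussed above, as an added example that is not part of the original question or answer and not DOMPurify's own code. `createSanitizer`, `supportReport`, `standInFactory` and `unboundExport` are hypothetical names; the stand-in factory is constructed so the block runs without `jsdom` or `dompurify` installed and copies only the window guard quoted in the answer.

```javascript
// Build a sanitize function from a DOMPurify-style factory and a window.
// Fails closed: if the instance bound to `win` is not supported, throw
// instead of returning a function that might pass HTML through.
function createSanitizer(factory, win) {
  const instance = factory(win);
  const usable = Boolean(instance) &&
    instance.isSupported === true &&
    typeof instance.sanitize === 'function';
  if (!usable) {
    throw new Error('sanitizer instance is not supported for this window');
  }
  return (dirty) => instance.sanitize(String(dirty));
}

// Reports both flags from the question: the unbound export and the
// instance created for `win`.
function supportReport(factory, win) {
  return { unbound: factory.isSupported, bound: factory(win).isSupported };
}

// Constructed stand-in for the library's factory (assumption, offline only).
// It reproduces the window guard quoted in the answer; its sanitize() is a
// placeholder transform, NOT a real sanitizer.
function standInFactory(win) {
  const api = (w) => standInFactory(w);
  if (!win || !win.document || win.document.nodeType !== 9) {
    api.isSupported = false; // factory form: no usable document
    return api;
  }
  api.isSupported = true;
  api.sanitize = (s) => s.replace(/</g, '&lt;');
  return api;
}

// Plays the role of the imported `DOMPurify` in Node: created with no window.
const unboundExport = standInFactory(undefined);
```

With the real packages, the same wrapper would be called as `createSanitizer(DOMPurify, new JSDOM('').window)`, so the process throws at startup if the bound instance is unusable.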