🧹 Swap to jupyterlab sanitizer for html nodes

jupyter-book · Sep 3, 2023 · 64e97b1 · 64e97b1
1 parent b101149
commit 64e97b1
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/package.json b/package.json
@@ -59,6 +59,7 @@
   },
   "dependencies": {
     "@jupyterlab/application": "^4.0.0",
+    "@jupyterlab/apputils": "^4.1.5",
     "@jupyterlab/codeeditor": "^4.0.0",
     "@jupyterlab/markdownviewer": "^4.0.0",
     "@jupyterlab/notebook": "^4.0.0",
@@ -67,7 +68,6 @@
     "@myst-theme/diagrams": "^0.3.3",
     "@myst-theme/frontmatter": "^0.3.3",
     "@myst-theme/providers": "^0.3.3",
-    "isomorphic-dompurify": "^1.8.0",
     "katex": "^0.15.2",
     "myst-ext-card": "^1.0.0",
     "myst-ext-exercise": "^1.0.0",

diff --git a/src/renderers.tsx b/src/renderers.tsx
@@ -1,5 +1,5 @@
 import React from 'react';
-import { sanitize } from 'isomorphic-dompurify';
+import { Sanitizer } from '@jupyterlab/apputils';
 import { DEFAULT_RENDERERS } from 'myst-to-react';
 import { MermaidNodeRenderer } from '@myst-theme/diagrams';
 import { NodeRenderer } from '@myst-theme/providers';
@@ -14,9 +14,11 @@ export const renderers: Record<string, NodeRenderer> = {
   },
   listItem,
   html: (node, children) => {
-    // TODO: This needs to be sanitized properly
+    const sanitizer = new Sanitizer();
     return (
-      <span dangerouslySetInnerHTML={{ __html: sanitize(node.value) }}></span>
+      <span
+        dangerouslySetInnerHTML={{ __html: sanitizer.sanitize(node.value) }}
+      ></span>
     );
   }
 };