Merge pull request #431 from zen-audio-player/xss

Add DOMPurify to address XSS issues; closes #420
zen-audio-player · Apr 21, 2024 · 8449dc0 · 8449dc0
2 parents e1a3fa6 + 773b6f0
commit 8449dc0
Show file tree

Hide file tree

Showing 28 changed files with 26,547 additions and 28 deletions.
diff --git a/.sourcery.yaml b/.sourcery.yaml
@@ -0,0 +1,4 @@
+ignore:
+    - .github
+    - .idea
+    - bower_components
diff --git a/.travis.yml b/.travis.yml
diff --git a/bower.json b/bower.json
@@ -17,10 +17,10 @@
     "font-awesome": "~4.4.0",
     "primer-css": "3.x.x",
     "jquery": "~1.11.x",
-    "keen-js": "~3.4.0",
     "trackjs": "~2.10.1",
     "typeahead.js": "~0.11.1",
     "plyr": "1.6.x",
-    "urijs": "1.18.1"
+    "urijs": "1.18.1",
+    "DOMPurify": "^3.1.0"
   }
 }
diff --git a/bower_components/DOMPurify/.bower.json b/bower_components/DOMPurify/.bower.json
@@ -0,0 +1,42 @@
+{
+  "name": "DOMPurify",
+  "version": "3.1.0",
+  "homepage": "https://github.com/cure53/DOMPurify",
+  "author": "Cure53 <[email protected]>",
+  "description": "A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG",
+  "main": "src/purify.js",
+  "keywords": [
+    "dom",
+    "xss",
+    "cross site scripting",
+    "html",
+    "svg",
+    "mathml",
+    "sanitizer",
+    "filter",
+    "sanitize",
+    "security",
+    "secure"
+  ],
+  "license": [
+    "MPL-2.0",
+    "Apache-2.0"
+  ],
+  "ignore": [
+    "**/.*",
+    "demos",
+    "scripts",
+    "test",
+    "website"
+  ],
+  "_release": "3.1.0",
+  "_resolution": {
+    "type": "version",
+    "tag": "3.1.0",
+    "commit": "db19269d8f9029cba78eabc9d6b52e73c31702ad"
+  },
+  "_source": "https://github.com/cure53/DOMPurify.git",
+  "_target": "^3.1.0",
+  "_originalSource": "DOMPurify",
+  "_direct": true
+}