Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DOMPurify is done within the notifications package #1401

Merged
merged 2 commits into from Apr 19, 2018

Conversation

Projects
None yet
1 participant
@smashwilson
Copy link
Member

smashwilson commented Apr 19, 2018

atom/notifications#187, atom/notifications#188, and atom/notifications#189 use DOMPurify on all notification descriptions. Because we were only using DOMPurify to sanitize stderr before sending it to the notifications package, it's no longer necessary (and I've confirmed that I still can't create a branch called <iframe src="file:///etc/passwd" />).

This saves us from needing to address some of the DOMPurify/snapshotting problems that we already solved in atom/notifications.

Fixes #1397.

@smashwilson

This comment has been minimized.

Copy link
Member Author

smashwilson commented Apr 19, 2018

Note to self: relies on notifications v0.70.5. Don't cherry-pick this to an Atom release without that version 👀

@smashwilson smashwilson merged commit b317852 into master Apr 19, 2018

3 checks passed

ci/circleci Your tests passed on CircleCI!
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@smashwilson smashwilson deleted the aw/notifications-purified branch Apr 19, 2018

smashwilson added a commit that referenced this pull request Apr 19, 2018

Merge pull request #1401 from atom/aw/notifications-purified
DOMPurify is done within the notifications package
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.