Update jquery-fix.js for DataTable allowed tags

[mercury64]

DataTable allowed Tag array has html tags that are non-existant.

This updates the datatable tags to what they should be.

Specifically allows dynamically adding rows to a DataTable.

Current broken jquery-fix.js file:

...
	dataTableAllowedTag = [
		"<tbody/>",
		"<tr/>",
		"<td />",
		"<td/>"
	],
...

Proposed fix:

	dataTableAllowedTag = [
		"<tbody>", "<tr>", "<td>", "<td>",
		"</tbody>", "</tr>", "</td>", "</td>"
	],

Related issues / Requêtes associées
#9293
#9610

Original commit that caused this issue:
581e165

[pearl-nguyen]

This proposed fix is working for me. Please review. Thanks

[pearl-nguyen]

Can we also update jquery-fix to fix the following case:

$("#tbody").append("<tr><td>a</td><td>a</td><td>a</td><td>a</td><td>a</td></tr>")

Change to dataTableAllowedTag does not help to fix this case.

This proposed solution #9293 (comment) fixes this issue

<script> (function(){ const jQueryOriginalFunctions = { append: jQuery.fn.append, prepend: jQuery.fn.prepend, before: jQuery.fn.before, after: jQuery.fn.after, replaceWith: jQuery.fn.replaceWith, init: jQuery.fn.init, html: jQuery.html }; // Prevent WET-BOEW for overriding these functions without causing a TypeError in the WET-BOEW code Object.defineProperty(jQuery.fn, "append", {get:function(){return jQueryOriginalFunctions.append;}, set:function(){}}); Object.defineProperty(jQuery.fn, "prepend", {get:function(){return jQueryOriginalFunctions.prepend;}, set:function(){}}); Object.defineProperty(jQuery.fn, "before", {get:function(){return jQueryOriginalFunctions.before;}, set:function(){}}); Object.defineProperty(jQuery.fn, "after", {get:function(){return jQueryOriginalFunctions.after;}, set:function(){}}); Object.defineProperty(jQuery.fn, "replaceWith", {get:function(){return jQueryOriginalFunctions.replaceWith;}, set:function(){}}); Object.defineProperty(jQuery, "html", {get:function(){return jQueryOriginalFunctions.html;}, set:function(){}}); })(); </script>

[duboisp]

@Garneauma can you review, reproduce the issue and test is change request are fixing it. Thanks

[Garneauma]

@pearl-nguyen I have just tested your fix and unfortunately it doesn't seem to fix the issue.

Question: what is the intention behind adding that row? Is it simply to add a row to your datatable table? If it is, datatable has a simple way to do so: https://datatables.net/reference/api/row.add()

If that is not the case, could you please explain further what is your intention with that append.

Unfortunately, according to this issue: cure53/DOMPurify#324, it seems that the issue with the append is that the browser does not allow rows to be inserted outside of a table element. It is not DOMPurify itself that does not allow it.

[Garneauma]

@pearl-nguyen Do you have any update on this?

[pearl-nguyen]

@Garneauma, we are in the process of rewriting our app. Therefore, we do not want to spend resources on fixing existing applications. Recent version of wet broke the javascript in our applications that require changes in many places. The propsed soluton help to fix the issue. thanks