@bloomreach/spa-sdk
Advanced tools
@bloomreach/spa-sdk - npm Package Compare versions
Comparing version 15.2.2-0 to 15.3.0
@@ -637,2 +637,7 @@ /** | ||
| toJSON(): any; | ||
| /** | ||
| * Sanitize HTML content to allow only safe HTML markups. | ||
| * @param content The HTML content to sanitize. | ||
| */ | ||
| sanitize(content: string): string; | ||
| } | ||
@@ -639,0 +644,0 @@ |
| { | ||
| "name": "@bloomreach/spa-sdk", | ||
| "version": "15.2.2-0", | ||
| "version": "15.3.0", | ||
| "description": "Bloomreach SPA SDK", | ||
@@ -72,2 +72,3 @@ "keywords": [ | ||
| "@types/node": "14.17.3", | ||
| "@types/sanitize-html": "2.3.2", | ||
| "@types/xmldom": "0.1.31", | ||
@@ -93,5 +94,5 @@ "babel-plugin-transform-async-to-promises": "0.8.15", | ||
| "inversify": "5.1.1", | ||
| "reflect-metadata": "0.1.13" | ||
| }, | ||
| "stableVersion": "15.2.1" | ||
| "reflect-metadata": "0.1.13", | ||
| "sanitize-html": "2.4.0" | ||
| } | ||
| } |
@@ -78,2 +78,19 @@ # Bloomreach SPA SDK | ||
| ### Rendering HTML content safely | ||
| The SPA SDK provides an API, ```Page.sanitize(html)```, | ||
| which sanitizes HTML content using the [sanitize-html](https://www.npmjs.com/package/sanitize-html) library, | ||
| to render the HTML content safely. | ||
| For example, in a React example, you may sanitize and render the HTML content which came from the backend like the following example: | ||
| ``` | ||
| {/* Suppose the content.value below contains HTML markups string. */} | ||
| <div> | ||
| {content && <div dangerouslySetInnerHTML={{ __html: page.rewriteLinks(page.sanitize(content.value)) }} />} | ||
| </div> | ||
| ``` | ||
| The same principle may apply in other frameworks. e.g, `v-html` in Vue.js or `[innerHTML]` in Angular. | ||
| ## License | ||
@@ -80,0 +97,0 @@ |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Fixed alerts
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.39%
436928
- Lines of code
- increased by0.32%
8184
- Number of low quality alerts
- decreased by-100%
0
- Number of lines in readme file
- increased by4.66%
382
Worsened metrics
- Dependency count
- increased by20%
6
- Dev dependency count
- increased by4%
26
Dependency changes
+ Addedsanitize-html@2.4.0
+ Addeddeepmerge@4.3.1(transitive)
+ Addeddom-serializer@1.4.1(transitive)
+ Addeddomelementtype@2.3.0(transitive)
+ Addeddomhandler@4.3.1(transitive)
+ Addeddomutils@2.8.0(transitive)
+ Addedentities@2.2.0(transitive)
+ Addedescape-string-regexp@4.0.0(transitive)
+ Addedhtmlparser2@6.1.0(transitive)
+ Addedis-plain-object@5.0.0(transitive)
+ Addedklona@2.0.6(transitive)
+ Addednanoid@3.3.8(transitive)
+ Addedparse-srcset@1.0.2(transitive)
+ Addedpicocolors@1.1.1(transitive)
+ Addedpostcss@8.5.1(transitive)
+ Addedsanitize-html@2.4.0(transitive)
+ Addedsource-map-js@1.2.1(transitive)