More powerful and simple Hook API about dompurify HOT 6 CLOSED

My proposal would be to add two additional hooks:

                /* Execute a hook if present */
                _executeHook('uponSanitizeElement', currentNode, {
                    tagName: tagName
                });

and

                /* Execute a hook if present */
                _executeHook('uponSanitizeAttribute', currentNode, {
                    attrName: attrName, attrValue: tmp.value
                }); 

Those get called once we already verified, that the element is an element and that the attribute is an attribute. In addition, we are passing the verified tag name and the verified attribute name alongside the value.

This should make it far more secure and easy to create a hook as the developer doesn't have to do the whole tedious verification on their own.

from dompurify.

@fhemberger I have added a slightly renovated hook API. Would you mind having a quick look? I think we can release 0.6.2 if all is fine.

from dompurify.

@fhemberger I added some basic code to enable deletion of existing hooks. Mind reviewing it real quick please? Changes: 753053b

from dompurify.

@cure53 Two minimal annotations, besides that LGTM 👍

from dompurify.

@fhemberger Added that. Testing the whole feature on MSIE now, then I think we should be good.

from dompurify.

I am fairly happy with the Hook API for now, closing this ticket until additional needs and requests come in.

from dompurify.