Comments (4)
First, let's ignore r(m)
function because its purpose is more or less clear and it doesn't add any significant complexity.
I can't give you 100% answers but can share my considerations...
- In the Node environment, this piece of code
module.exports = global.DOMPurify = [some code]
allows us both:
const DOMPurify = require('isomorphic-dompurify');
DOMPurify.sanitize('<iframe>Iframe!</iframe>');
and
require('isomorphic-dompurify');
DOMPurify.sanitize('<iframe>Iframe!</iframe>');
- My guess is that
module.exports = global.DOMPurify = global.DOMPurify || [init logic]
was aimed as a caching mechanism (sort of a singleton), so that if you would import the module twice, it would execute the init logic only once:
require('isomorphic-dompurify');
require('isomorphic-dompurify');
but modern versions of Node cache multiple imports of the same module anyway, so it can be redundant.
-
I was thinking about why we have both conditions for checking whether it's Node:
global.DOMPurify
andtypeof process === 'undefined'
. But then I confirmed that<script type="module"
doesn't haveglobal
object defined, so theglobal
object only exists inside a Node script. -
I still need to check what Webpack produces when configured to compile to es5.
The Isomorphic Unfetch was created quite a while ago and it could be targeted to previous versions of Node and browsers. I guess they tried to predict all possible use cases, such as Webpack, SSR, without SSR, different browsers, different browser versions. And as I already mentioned, I just reused the approach that worked fine for me on other projects.
It's great that there are people who question solutions - that's a rare skill. But if we have some risk to break what's already working well, it'd be great to have it tested in all possible environments. But who can guarantee we tested it everywhere?
from isomorphic-dompurify.
@kkomelin Thanks for diving in!
Is it fair to say that my summary was accurate then? The biggest piece I was missing was some of the context around isomorphic-fetch
and the support for older versions of node
/ browsers?
I don't think we need to change the code - as you noted, this works and a re-write will likely introduce bugs that the isomorphic-fetch
folks already experienced and squashed.
I just like understanding how things work (and, not a formally trained computer scientist, some terms like isomorphic
can be confusing to me 😄 ).
Cheers!
from isomorphic-dompurify.
@stephencweiss Thanks for your kind words and the question.
Let's start from not using "virtual DOM" term in this context because it can be confused with the virtual DOM which is used in React and other modern frontend frameworks. As I understand, JSDOM has a different purpose and implementation.
To be honest, I didn't change much in the skeleton code which is provided by the Isomorphic Unfetch because it worked for me well enough and I didn't find anything suspicious in it at the time of releasing Isomorphic DOMPurify.
But I'm open to improve the code, so please give me some time to check my assumptions and provide a more detailed answer.
from isomorphic-dompurify.
@stephencweiss Yes, I think your summary of the module logic was quite accurate. Thanks again for asking this question. Good one.
It seems like we can close the issue for now but feel free to create new ones when necessary.
from isomorphic-dompurify.
Related Issues (20)
- Merge isomorphic-dompurify additions with dompurify? HOT 2
- Add information about the minimum node version HOT 2
- Request body is being removed HOT 3
- High CPU Utilisation by the library HOT 2
- _isomorphicDompurify.default.sanitize is not a function error in jest environment HOT 1
- ESM Support HOT 4
- target blank get added to every url HOT 1
- Build error when using isomorphic-dompurify in angular 15 universal HOT 8
- Requirements for Node.js 14 HOT 1
- Isomorphic Dompurify Remix support ? HOT 2
- Next.js build error: Window is not defined HOT 33
- String is being sanitized HOT 6
- Request for SemVer Adherence in Future Releases HOT 1
- Web Worker Support HOT 3
- usage import issue with vite named export 'sanitize' not found HOT 4
- use umijs ssr error HOT 4
- Can't resolve 'canvas' on next.js serverless app HOT 41
- dompurify.sanitize clears everything except for whats inside of <body> HOT 2
- Bumping to 0.16.0 - ReferenceError: TextEncoder is not defined HOT 24
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from isomorphic-dompurify.