Comments (4)
I agree with you, it's best we keep things simple right now until we really have a good use-case to do otherwise 👍 Good idea getting the smoke test up.
from isomorphic-dompurify.
It's always nice to have someone to discuss things with and find an optimal solution together. Thanks for being open for that.
I will then close the issue for now.
Unfortunately, it looks like DOMPurify intentionally isn't using semantic versioning, meaning that we will just have to do our own thing. I'm not sure how I feel about this, but another idea we had would be to mirror DOMPurify's versioning and add an extra digit on the end for when we need to make bug fixes.
Ex: If DOMPurify is at v2.0.11, we could bump ourselves to v2.0.110. Then if we need to make any bug fixes ourselves, we can increment the last digit, ex: 2.0.111. It doesn't follow semantic versioning, which is why I'm not sure how I feel about it, but it would make it easier for consumers of isomorphic-dompurify to know which version of DOMPurify they are using.
@NicholasEllul I can guess why the DOMPurify guys don't like semantic versioning. It's probably because they constantly add small features/additions to their project, and the additions are too small to create minor versions.
Let's try to think like our users. As a user of isomorphic-dompurify, I would like my code to be sanitized on both the server and client sides. I don't want to know what the differences are between the 2.0.8 and 2.0.11 versions of DOMPurify unless it stops sanitizing my HTML. And my second need is that I want it to be the latest version to keep my code secure.
As for the sanitization, we have the smoke test which checks it. We can always develop more tests to ensure DOMPurify serves its main purpose well.
As for keeping the DOMPurify dependency up to date, we now have Dependabot taking care of it, so this need is also covered by our current setup.
What I want to say is that we should be okay without mirroring DOMPurify versions, at least until our users ask us to do the opposite. What do you think?