
Comments (4)

NicholasEllul commented on May 24, 2024 1

I agree with you, it's best we keep things simple right now until we really have a good use-case to do otherwise 👍 Good idea getting the smoke test up.

from isomorphic-dompurify.

kkomelin commented on May 24, 2024 1

It's always nice to have someone to discuss things with and find an optimal solution together. Thanks for being open for that.
I will then close the issue for now.


NicholasEllul commented on May 24, 2024

Unfortunately it looks like DOMPurify intentionally isn't using semantic versioning, meaning that we will just have to do our own thing. I'm not sure how I feel about this, but another idea we had would be to mirror DOMPurify's versioning and add an extra digit on the end for when we need to make bug fixes.

Ex: If DOMPurify is at v2.0.11, we could bump ourselves to v2.0.110. Then if we need to make any bug fixes ourselves we can increment the last digit, ex: 2.0.111. It doesn't follow semantic versioning, which is why I'm not sure how I feel about it, but it would make it easier for consumers of isomorphic-dompurify to know which version of DOMPurify they are using.


kkomelin commented on May 24, 2024

@NicholasEllul I can guess why the DOMPurify guys don't like semantic versioning. It's probably because they constantly add small features/additions to their project. And the additions are too small to create minor versions.

Let's try to think like our users. As a user of isomorphic-dompurify, I would like my code to be sanitized on the server and client sides. I don't want to know what the differences are between the 2.0.8 and 2.0.11 versions of DOMPurify unless it stops sanitizing my HTML. And my second need is that I want it to be the latest version to keep my code secure.

As for the sanitization, we have the smoke test which checks it. We can always develop more tests to ensure DOMPurify serves its main purpose well.

As for keeping the DOMPurify dependency up to date, we now have Dependabot taking care of it, so this need is also covered with our current setup.

What I want to say is that we should be okay without mirroring DOMPurify versions, at least until our users ask us to do the opposite. What do you think?

