build: bump dompurify (#681)

peterpeterparker · web-flow · commit 0b1e8cbfaa53 · 2025-07-11T09:10:19.000+02:00
# Motivation

Stay up-to-date with the latest sanitizer improvements.

# Changes

- Bump lib
- Change order of the expected attributes in tests (I did not checked
why as the change seems trivial)
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -74,7 +74,7 @@
   },
   "dependencies": {
     "decimal.js": "^10.6.0",
-    "dompurify": "^3.2.4",
+    "dompurify": "^3.2.6",
     "html5-qrcode": "^2.3.8",
     "marked": "^9.1.0",
     "qr-creator": "^1.0.0"
diff --git a/src/tests/lib/utils/html.utils.spec.ts b/src/tests/lib/utils/html.utils.spec.ts
@@ -25,10 +25,10 @@ describe("html-utils", () => {
     it("should preserve the target attribute", () => {
       expect(
         sanitize(`<a target="_blank" rel="noreferrer" href="/">link</a>`),
-      ).toEqual(`<a href="/" rel="noreferrer" target="_blank">link</a>`);
+      ).toEqual(`<a rel="noreferrer" href="/" target="_blank">link</a>`);
       expect(
         sanitize(`<a target="_blank" rel=" noreferrer " href="/">link</a>`),
-      ).toEqual(`<a href="/" rel="noreferrer" target="_blank">link</a>`);
+      ).toEqual(`<a rel="noreferrer" href="/" target="_blank">link</a>`);
     });
 
     it('should add "noopener" if rel not set', () => {
@@ -40,12 +40,12 @@ describe("html-utils", () => {
     it('should replace unknown|insecure rel value with "noopener"', () => {
       expect(
         sanitize(`<a target="_blank" rel="nocloser" href="/">link</a>`),
-      ).toEqual(`<a href="/" rel="noopener" target="_blank">link</a>`);
+      ).toEqual(`<a rel="noopener" href="/" target="_blank">link</a>`);
       expect(
         sanitize(
           `<a target="_blank" rel="noopenernoreferrer" href="/">link</a>`,
         ),
-      ).toEqual(`<a href="/" rel="noopener" target="_blank">link</a>`);
+      ).toEqual(`<a rel="noopener" href="/" target="_blank">link</a>`);
     });
   });
 });

-Original file line number
+Diff line change
     it("should preserve the target attribute", () => {
       expect(
         sanitize(`<a target="_blank" rel="noreferrer" href="/">link</a>`),
 -      ).toEqual(`<a href="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/" rel="noreferrer" target="_blank">link</a>`);
 +      ).toEqual(`<a rel="noreferrer" href="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/" target="_blank">link</a>`);
       expect(
         sanitize(`<a target="_blank" rel=" noreferrer " href="/">link</a>`),
 -      ).toEqual(`<a href="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/" rel="noreferrer" target="_blank">link</a>`);
 +      ).toEqual(`<a rel="noreferrer" href="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/" target="_blank">link</a>`);
     });
     it('should add "noopener" if rel not set', () => {
     it('should replace unknown|insecure rel value with "noopener"', () => {
       expect(
         sanitize(`<a target="_blank" rel="nocloser" href="/">link</a>`),
 -      ).toEqual(`<a href="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/" rel="noopener" target="_blank">link</a>`);
 +      ).toEqual(`<a rel="noopener" href="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/" target="_blank">link</a>`);
       expect(
         sanitize(
           `<a target="_blank" rel="noopenernoreferrer" href="/">link</a>`,
         ),
 -      ).toEqual(`<a href="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/" rel="noopener" target="_blank">link</a>`);
 +      ).toEqual(`<a rel="noopener" href="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/" target="_blank">link</a>`);
     });
   });
 });