Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add hook on element/attribute removal #881

Closed
Deltaxel opened this issue Nov 30, 2023 · 8 comments
Closed

Add hook on element/attribute removal #881

Deltaxel opened this issue Nov 30, 2023 · 8 comments

Comments

@Deltaxel
Copy link

This issue proposes a feature which add hooks for elements and attributes being removed.

Background & Context

We have a lot of customers adding content to our application. Some of the content being removed by DOM Purify should be kept.
We're not always aware of every tag/attribute our customers are using. So we would like to add some telemetry to keep track of removed content and act quickly when an issue is detected.

This could also help identify potential malicious users.

Input

Given output

No handler called with

Expected output

Handler called with

Feature

I would add a uponRemovedElement and a uponRemovedAttribute hooks.
@cure53
Copy link
Owner

cure53 commented Nov 30, 2023

Sounds great, this is a good idea - want to spin up a PR? Happy to review once done.

@cure53
Copy link
Owner

cure53 commented Dec 12, 2023

@Deltaxel btw, before we start building anything, have you already looked at DOMPurify.removed? That should give you a comprehensive list of elements that have been removed and offer the telemetry you need.

cure53 added a commit that referenced this issue Dec 12, 2023
@cure53
see #881
d7318ee 
feature: added hooks to element and attribute removal
@cure53
Copy link
Owner

cure53 commented Dec 12, 2023

Also, please check the commit above, experimentally added hooks to removal methods.

@Deltaxel
Copy link
Author

Hey, sorry for not replying sooner
I took a look at the PR and I have a slight concern
I had to debug the code before and noticed that attributes gets removed first then added back (not sure if for all of them or specific scenarios)
Wouldn't this trigger your hook even though the element is no actually removed from the document in the end?

@cure53
Copy link
Owner

cure53 commented Dec 13, 2023

Ah, you are right.

But, I still wonder - if it's just about telemetry, do we really need the hooks? DOMPurify.removed should give you all you need already.

cure53 added a commit that referenced this issue Dec 13, 2023
@cure53
see #881
d1e4f21 
chore: removed experimental uponRemove hooks again
@cure53
Copy link
Owner

cure53 commented Dec 13, 2023

We're not always aware of every tag/attribute our customers are using. So we would like to add some telemetry to keep track of removed content and act quickly when an issue is detected.

I strongly believe that this can be done already and quite easily with the tools we already offer, closing the ticket, please reopen if any other use-cases arise

@cure53 cure53 closed this as completed Dec 13, 2023
@Deltaxel
Copy link
Author

You are right DOMPurify.removed would be enough.
I will give it a try.
Thank you!

@cure53
Copy link
Owner

cure53 commented Dec 13, 2023

Cool, thanks :) If that doesn't work, we can look into the extra hooks ofc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Deltaxel @cure53