I am using dompurify for a RichText component I have. I was hoping to add in a rule that would remove all &nbps; in the string. Here is some example code:
const content = '<p style="color:blue">Hello<span> </span>world</p>'
const customSanitizer = {
FORBID_ATTR: ['id', 'data-react-mount', 'data-react-props-id'],
ALLOW_DATA_ATTR: false,
}
const cleanedContent = DOMPurify.sanitize(content, customSanitizer)
The desired result is that the value of cleanedContent equals:
<p style="color:blue">Hello world</p>
Is there anything I can add to customSanitizer to implement this?
According to the documentation, DOMPurify is meant to prevent XSS attacks by sanitizing input. Your desire to strip does not quite fit into that category since isn't going to cause a XSS problem, and so (while you could create a custom sanitizer with DOMPurify), you would be better off to just use the native String.prototype.replaceAll() method:
const content = document.querySelector("p");
content.innerHTML = content.innerHTML.replaceAll(" ","");
console.log(content.innerHTML);<p style="color:blue">Hello<span> </span>world</p>