Merge pull request #35 from Stassi/feature/codeql-dom-purify-sanitizer

feature/codeql-dom-purify-sanitizer
Stassi · Sep 29, 2024 · 4fce4a1 · 4fce4a1
2 parents 9b838fc + da19aeb
commit 4fce4a1
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 3 deletions.
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -36,6 +36,7 @@ jobs:
       - name: Initialization
         uses: github/codeql-action/init@v3.26.9
         with:
+          config-file: './codeql-config.yml'
           languages: 'javascript-typescript'
 
       - name: Analysis

diff --git a/codeql-config.yml b/codeql-config.yml
@@ -0,0 +1,7 @@
+overrides:
+  sanitizers:
+    - name: PurifySanitizer
+      description: Sanitize using DOMPurify.sanitize or its Rollup-injected alias
+      methods:
+        - 'dompurify#sanitize'
+        - 'purify#sanitize'
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stassi/leaf",
-  "version": "0.0.34",
+  "version": "0.0.35",
   "description": "Leaflet adapter.",
   "keywords": [
     "cartography",