Update sanitize-html from 2.1.0 to 2.12.1 fails. Module parse failed: Unexpected token. #663
Comments
Two comments:
|
Can you provide better steps to replicate the error? Again, there isn't a build script. |
As stated here, the issue (I'm having the same one) is your webpack version. |
Thanks @Insomniak313! - I thought it was something with the version of htmlparser2. |
I am using Updating Node.js or Webpack is not possible for us on all environments, or restructuring our backend for that matter. Webpack 5 behaves badly with circular imports (our project has over 500 of these) while Webpack 4 just chews 'em all good and produces a working bundle. What works currently is locking this module using I was comparing the source code of the project and not much changed. So another solution might be to force at the My two cents. Alternatively just make a version 2.7.4 with the security patch. Thank you. |
Could this issue be fixed by bumping htmlparser2 to 9.0.0 or 9.1.0? |
Ran into the same issue, downgrading to 2.1.0 for now helped (as we are stuck on Node 16 for the time being). Problem is not present when using a higher version of Node/Webpacker, and in our branch with upgraded Node/Webpacker version it works fine with 2.12.1. |
@adamreisnz read my comment #663 (comment)
Using earlier versions will make you vulnerable to exploits. |
Am aware, but as I said we have no choice as stuck on Node 16 for a while longer.
…On Sat, 9 Nov 2024, 00:45 Jorge Oliveira, ***@***.***> wrote:
@adamreisnz <https://github.com/adamreisnz> read my comment #663 (comment)
What works currently is locking this module using "sanitize-html": "~2.7.3" on the package.json dependencies, then I manually apply commit c5dbdf7 using patch-package <https://www.npmjs.com/package/patch-package> to get rid of the security vulnerability.
Using earlier versions will make you vulnerable to exploits.
|
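The workaround quoted above (pin `sanitize-html` to `~2.7.3` and apply the fix with patch-package) only protects a build if the patch is applied on every install. The check below is an added example, not part of the thread or of the sanitize-html project; the function name `auditPinnedPatch`, the sample manifest and the `2.7.x` pattern are assumptions for illustration.

```javascript
// Added example: audits the "pin + patch-package" workaround from the thread.
// Inputs are plain data so it runs offline. In CI, pass the parsed package.json,
// the file names found in patches/, and the version read from
// node_modules/sanitize-html/package.json.
const PKG = "sanitize-html";

function auditPinnedPatch(manifest, patchFiles, installedVersion) {
  const problems = [];
  const range = (manifest.dependencies || {})[PKG];

  // The thread pins with a tilde range, which still floats across patch releases.
  if (!range) {
    problems.push(`${PKG} is not a direct dependency`);
  } else if (!/^~?2\.7\.\d+$/.test(range)) {
    problems.push(`${PKG} range "${range}" is not locked to 2.7.x`);
  }

  // Without a postinstall hook the patch is never applied after install.
  const postinstall = (manifest.scripts || {}).postinstall || "";
  if (!/\bpatch-package\b/.test(postinstall)) {
    problems.push("scripts.postinstall does not run patch-package");
  }

  // patch-package names its files <name>+<version>.patch. If the installed
  // version has no matching file, the range resolved to a release the patch
  // was not made for.
  const expected = `${PKG}+${installedVersion}.patch`;
  if (!patchFiles.includes(expected)) {
    problems.push(`missing patches/${expected}`);
  }
  return problems;
}

// Constructed sample inputs (not taken from any real project).
const sampleManifest = {
  dependencies: { "sanitize-html": "~2.7.3", "patch-package": "^8.0.0" },
  scripts: { postinstall: "patch-package" },
};
console.log(auditPinnedPatch(sampleManifest, ["sanitize-html+2.7.3.patch"], "2.7.3"));
console.log(auditPinnedPatch(sampleManifest, ["sanitize-html+2.7.3.patch"], "2.7.4"));
```

npm skips `postinstall` when run with `--ignore-scripts`, so a passing audit of the manifest does not by itself prove that the patched code is what ships.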
Version 2.7.3 works on node.js 16 (runs as far back as node.js 12). Use this instead of 2.1.0 if you can. #663 (comment) |
Thanks, I'll check it out.
…On Sat, 9 Nov 2024, 07:13 Jorge Oliveira, ***@***.***> wrote:
Version 2.7.3 works on node.js 16 (runs as far back as node.js 12). Use this instead of 2.1.0 if you can. #663 (comment)
|
Ended up using DOMPurify, as we were also running into #639 in the latest version using Vite. |
To Reproduce
Step by step instructions to reproduce the behavior:
Expected behavior
Describe the bug
Details
Version of Node.js:
Server Operating System:
Additional context: