perf: prevent adding multiple DOMPurify hooks

Currently, everytime `removeScript()` is called, the same DOMPurify hooks are getting added again and again. Co-authored-by: Alois Klink <alois@aloisklink.com>
2024-01-25 23:28:42 +05:30 · 2024-01-25 23:28:42 +05:30 · 1c200ee5bc
parent 6939cf52e6
commit 1c200ee5bc
1 changed files with 24 additions and 9 deletions
--- a/packages/mermaid/src/diagrams/common/common.ts
+++ b/packages/mermaid/src/diagrams/common/common.ts
@ -18,13 +18,18 @@ export const getRows = (s?: string): string[] => {
  return str.split('#br#');
 };

-/**
- * Removes script tags from a text
- *
- * @param txt - The text to sanitize
- * @returns The safer text
- */
-export const removeScript = (txt: string): string => {
+const setupDompurifyHooksIfNotSetup = (() => {
+  let setup = false;
+
+  return () => {
+    if (!setup) {
+      setupDompurifyHooks();
+      setup = true;
+    }
+  };
+})();
+
+function setupDompurifyHooks() {
  const TEMPORARY_ATTRIBUTE = 'data-temp-href-target';

  DOMPurify.addHook('beforeSanitizeAttributes', (node: Element) => {
@ -33,8 +38,6 @@ export const removeScript = (txt: string): string => {
    }
  });

-  const sanitizedText = DOMPurify.sanitize(txt);
-
  DOMPurify.addHook('afterSanitizeAttributes', (node: Element) => {
    if (node.tagName === 'A' && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
      node.setAttribute('target', node.getAttribute(TEMPORARY_ATTRIBUTE) || '');
@ -44,6 +47,18 @@ export const removeScript = (txt: string): string => {
      }
    }
  });
+}
+
+/**
+ * Removes script tags from a text
+ *
+ * @param txt - The text to sanitize
+ * @returns The safer text
+ */
+export const removeScript = (txt: string): string => {
+  setupDompurifyHooksIfNotSetup();
+
+  const sanitizedText = DOMPurify.sanitize(txt);

  return sanitizedText;
 };