Update dompurify

Author: pimterry

package-lock.json

@@ -54,7 +54,6 @@
     "@sentry/webpack-plugin": "^2.16.1",
     "@types/base64-arraybuffer": "^0.1.0",
     "@types/dedent": "^0.7.0",
-    "@types/dompurify": "0.0.32",
     "@types/har-format": "^1.2.5",
     "@types/inline-style-prefixer": "^3.0.1",
     "@types/js-beautify": "^1.8.0",
@@ -92,7 +91,7 @@
     "date-fns": "^1.30.1",
     "dedent": "^0.7.0",
     "deserialize-error": "0.0.3",
-    "dompurify": "^2.5.6",
+    "dompurify": "^3.3.3",
     "fast-json-patch": "^3.1.1",
     "fast-xml-parser": "^5.5.7",
     "graphql": "^15.8.0",

package.json

@@ -1,5 +1,5 @@
 import * as Remarkable from 'remarkable';
-import * as DOMPurify from 'dompurify';
+import DOMPurify from 'dompurify';
 
 import { Html } from '../../types';
 
@@ -16,7 +16,9 @@ const linklessMarkdown = new Remarkable({
 
 // Add an extra hook to DOMPurify to enforce link target. Without this, DOMPurify strips
 // every link target entirely.
-DOMPurify.addHook('afterSanitizeAttributes', function (node: Element | HTMLElement) {
+DOMPurify.addHook('afterSanitizeAttributes', function (node) {
+    if (!(node instanceof Element)) return;
+
     // Closely based on example from https://github.com/cure53/DOMPurify/tree/main/demos#hook-to-open-all-links-in-a-new-window-link
 
     // Set all elements owning target to target=_blank
@@ -36,7 +38,9 @@ DOMPurify.addHook('afterSanitizeAttributes', function (node: Element | HTMLEleme
 
 // Add an extra hook to strip relative URLs (markdown largely comes from external sources,
 // and so should never include relative paths!)
-DOMPurify.addHook('afterSanitizeAttributes', function (node: Element | HTMLElement) {
+DOMPurify.addHook('afterSanitizeAttributes', function (node) {
+    if (!(node instanceof Element)) return;
+
     if (node.hasAttribute('href')) {
         const target = node.getAttribute('href');
         if (target?.startsWith('/')) node.removeAttribute('href');