perf(v-safe-html): Avoid serialize/parse roundtrip (!1782) · Merge requests · GitLab.org / gitlab-ui

Mark Florian requested to merge safe-html-avoid-serialise-parse-roundtrip into master Oct 07, 2020

What does this MR do?

perf(v-safe-html): Avoid serialize/parse roundtrip

Using innerHTML invokes the browser's parser, and already requires a serialisation step within DOMPurify. By enabling RETURN_DOM_FRAGMENT in DOMPurify, both steps can be avoided.

Does this MR meet the acceptance criteria?

Conformity

Code review guidelines.
GitLab UI's contributing guidlines.
[-] If it changes a Pajamas-compliant component's look & feel, the MR has been reviewed by a UX designer.
[-] If it changes GitLab UI's documentation guidelines, the MR has been reviewed by a Technical Writer.
If the MR changes a component's API, integration MR(s) have been opened in the following projects to ensure that the @gitlab/ui package can be upgraded quickly after the changes are released:
- GitLab: gitlab!44583 (closed)
- [-] Customers Portal: mr_url
- [-] Status Page: mr_url
[-] Added the ~"component:*" label(s) if applicable.

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
Security reports checked/validated by a reviewer from the AppSec team

Edited Oct 07, 2020 by Mark Florian

perf(v-safe-html): Avoid serialize/parse roundtrip

What does this MR do?

Does this MR meet the acceptance criteria?

Conformity

Security

Merge request reports