Skip to content

perf(v-safe-html): Avoid serialize/parse roundtrip

Mark Florian requested to merge safe-html-avoid-serialise-parse-roundtrip into master

What does this MR do?

perf(v-safe-html): Avoid serialize/parse roundtrip

Using innerHTML invokes the browser's parser, and already requires a serialisation step within DOMPurify. By enabling RETURN_DOM_FRAGMENT in DOMPurify, both steps can be avoided.

Does this MR meet the acceptance criteria?

Conformity

  • Code review guidelines.
  • GitLab UI's contributing guidlines.
  • [-] If it changes a Pajamas-compliant component's look & feel, the MR has been reviewed by a UX designer.
  • [-] If it changes GitLab UI's documentation guidelines, the MR has been reviewed by a Technical Writer.
  • If the MR changes a component's API, integration MR(s) have been opened in the following projects to ensure that the @gitlab/ui package can be upgraded quickly after the changes are released:
  • [-] Added the ~"component:*" label(s) if applicable.

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Mark Florian

Merge request reports

Loading