Sanitize HTML

2025-03-30 19:56:21 +00:00 · 2022-01-30 18:29:40 +03:00 · 2022-01-30 18:29:40 +03:00 · 8420d0fef2
commit 8420d0fef2
parent 59adbc348a
2 changed files with 4 additions and 2 deletions
--- a/src/components/dialog/dialog.js
+++ b/src/components/dialog/dialog.js
@ -1,3 +1,4 @@
+import DOMPurify from 'dompurify';
 import escapeHtml from 'escape-html';
 import dialogHelper from '../dialogHelper/dialogHelper';
 import dom from '../../scripts/dom';
@ -54,7 +55,7 @@ import template from './dialog.template.html';
        }

        const displayText = options.html || options.text || '';
-        dlg.querySelector('.text').innerHTML = displayText;
+        dlg.querySelector('.text').innerHTML = DOMPurify.sanitize(displayText);

        if (!displayText) {
            dlg.querySelector('.dialogContentInner').classList.add('hide');