Skip to content

Commit

Permalink
Add DOMPurify to sanitize DangerouslySetInnerHTML
Browse files Browse the repository at this point in the history
  • Loading branch information
@julio-cfa
julio-cfa committed Sep 11, 2024
1 parent 7900613 commit 5985a3b
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 2 deletions.
3 changes: 3 additions & 0 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,5 +23,8 @@
"husky": "^9.0.11",
"lerna": "^6.6.2",
"typescript": "^5.1.3"
},
"dependencies": {
"dompurify": "^3.1.6"
}
}
3 changes: 2 additions & 1 deletion packages/markups/src/elements/Emoji.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import React, { useMemo } from 'react';
import PropTypes from 'prop-types';
import emojione from 'emoji-toolkit';
import { Box } from '@embeddedchat/ui-elements';
import DOMPurify from 'dompurify';
import { EmojiStyles as styles } from './elements.styles';

const Emoji = ({ big = false, emoji }) => {
Expand All @@ -21,7 +22,7 @@ const Emoji = ({ big = false, emoji }) => {
<Box
is="span"
css={[styles.emojione, styles.emojiInMessage]}
dangerouslySetInnerHTML={{ __html: emojiHtml }}
dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(emojiHtml) }}
/>
);
};
Expand Down
3 changes: 2 additions & 1 deletion packages/react/src/views/EmojiReaction/EmojiReaction.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import PropTypes from 'prop-types';
import emojione from 'emoji-toolkit';
import { css } from '@emotion/react';
import { Box } from '@embeddedchat/ui-elements';
import DOMPurify from 'dompurify';

const EmojiReaction = ({ body }) => {
const emojiHtml = emojione.toImage(body);
Expand All @@ -12,7 +13,7 @@ const EmojiReaction = ({ body }) => {
css={css`
font-size: 1rem;
`}
dangerouslySetInnerHTML={{ __html: emojiHtml }}
dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(emojiHtml) }}
/>
);
};
Expand Down

0 comments on commit 5985a3b

Please sign in to comment.