Merge pull request #25 from hyphacoop/profile-summary

fix: use .innerHTML with DOMPurify for profile summary to prevent raw html display
hyphacoop · Jul 29, 2024 · 19517ec · 19517ec
2 parents d53bd9f + 44bd32d
commit 19517ec
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/actor-profile.js b/actor-profile.js
@@ -1,4 +1,5 @@
 import { db } from './dbInstance.js'
+import DOMPurify from './dependencies/dompurify/purify.js'
 
 class ActorProfile extends HTMLElement {
   static get observedAttributes () {
@@ -96,7 +97,7 @@ class ActorProfile extends HTMLElement {
     if (actorInfo.summary) {
       const pUserSummary = document.createElement('div')
       pUserSummary.classList.add('profile-summary')
-      pUserSummary.textContent = `${actorInfo.summary}`
+      pUserSummary.innerHTML = DOMPurify.sanitize(actorInfo.summary)
       actorContainer.appendChild(pUserSummary) // Append to the actor container
     }