feat: Run DOMPurify.sanitize on textarea content

WebOfTrust · Jan 31, 2024 · 15e01c8 · 15e01c8
1 parent 2fd13b4
commit 15e01c8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/public/js/collection.js b/public/js/collection.js
@@ -105,7 +105,7 @@ function loadCollections() {
                 console.log('save button clicked');
                 const editableTextarea = this.closest('.card-header').nextElementSibling;
 
-                chrome.runtime.sendMessage({ action: "editSaveTerm", entry: { term: this.dataset.term, uniqueId: this.dataset.uniqueid, newValue: editableTextarea.innerHTML } }, function (response) {
+                chrome.runtime.sendMessage({ action: "editSaveTerm", entry: { term: this.dataset.term, uniqueId: this.dataset.uniqueid, newValue: DOMPurify.sanitize(editableTextarea.innerHTML) } }, function (response) {
                     console.log("Response:", response);
                     loadCollections();
                 });