fix(sanitization): increase scrutiny of html sanitization

ProbablePrime · ProbablePrime · commit 6bb50e284bb1 · 2024-12-17T15:12:40.000-08:00
diff --git a/helpers/preprocessing.js b/helpers/preprocessing.js
@@ -1,7 +1,7 @@
 import DOMPurify from 'isomorphic-dompurify';
 
 function sanitizeHTML(input) {
-    return DOMPurify.sanitize(input, {ALLOWED_TAGS: ['span']});
+    return DOMPurify.sanitize(input, {ALLOWED_TAGS: ['span'], ALLOWED_ATTR: ['style']});
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`import DOMPurify from 'isomorphic-dompurify';`
`2`	`2`
`3`	`3`	`function sanitizeHTML(input) {`
`4`		`- return DOMPurify.sanitize(input, {ALLOWED_TAGS: ['span']});`
	`4`	`+ return DOMPurify.sanitize(input, {ALLOWED_TAGS: ['span'], ALLOWED_ATTR: ['style']});`
`5`	`5`	`}`
`6`	`6`
`7`	`7`	`/**`