sanitize HTML on html returns

- I had it in there for some time, I even tested it... likely gone during some commits
Wolfsblvt 2024-10-01 01:23:34 +02:00
parent d96bb3dcea
commit 56265540db


@ -56,7 +56,7 @@ export const slashCommandReturnHelper = {
case 'chat-html':
case 'toast-text':
case 'toast-html': {
const htmlOrNotHtml = shouldHtml ? (new showdown.Converter()).makeHtml(stringValue) : escapeHtml(stringValue);
const htmlOrNotHtml = shouldHtml ? DOMPurify.sanitize((new showdown.Converter()).makeHtml(stringValue)) : escapeHtml(stringValue);
if (type.startsWith('popup')) await callGenericPopup(htmlOrNotHtml, POPUP_TYPE.TEXT);
if (type.startsWith('chat')) sendSystemMessage(system_message_types.GENERIC, htmlOrNotHtml);