fix: sanitize HTML to prevent XSS vulnerability

2026-04-27 16:06:02 +02:00
parent e5c10e6fe0
commit 238599299f
3 changed files with 13 additions and 1 deletions


@@ -4,6 +4,8 @@ declare const htmx: {
export {}
import DOMPurify from 'dompurify'
interface ModeSource {
token: string
subtitles: SubtitleItem[]
@@ -954,7 +956,7 @@ const loadNextEpisodeInPlace = async (animeID: number, nextEpisode: number): Pro
const html = await res.text()
const wrapper = document.createElement('span')
wrapper.id = 'watch-status-dropdown'
wrapper.innerHTML = html
wrapper.innerHTML = DOMPurify.sanitize(html)
watchStatusDropdown.replaceWith(wrapper)
}).catch(() => {})
}
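Review bot: `DOMPurify.sanitize(html)` runs with its default configuration at the `wrapper.innerHTML` assignment, and the defaults drop attributes DOMPurify does not recognise, which would include any `hx-*` attributes on the dropdown fragment (the file declares `htmx`, so the fragment may well carry them). If the dropdown stops responding, allow only the specific attributes it needs through `ADD_ATTR` and keep `hx-on*` out of that list, rather than loosening the sanitizer broadly. The sanitized string is also parsed a second time by `innerHTML`; `wrapper.replaceChildren(DOMPurify.sanitize(html, { RETURN_DOM_FRAGMENT: true }))` inserts the sanitized nodes directly and avoids that second parse. The body of `loadNextEpisodeInPlace` starts outside the hunk, so any other `innerHTML` assignments of fetched markup in it are not visible here and should get the same treatment.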