From 09e63ee61f8319850982acc26411031e51d06fe5 Mon Sep 17 00:00:00 2001
From: gtsp233 <gtsp233@gmail.com>
Date: Mon, 22 Jan 2024 00:13:07 -0500
Subject: [PATCH] sanitize html

---
 deprecated-components/richtext-renderer/package.json          | 4 +++-
 .../richtext-renderer/src/RichtextRenderer.jsx                | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/deprecated-components/richtext-renderer/package.json b/deprecated-components/richtext-renderer/package.json
index a2a417f02..2e2098049 100644
--- a/deprecated-components/richtext-renderer/package.json
+++ b/deprecated-components/richtext-renderer/package.json
@@ -30,7 +30,9 @@
     "react": "^16.3.0",
     "react-dom": "^16.3.0"
   },
-  "dependencies": {},
+  "dependencies": {
+    "dompurify": "^3.0.8"
+  },
   "devDependencies": {
     "react": "^16.3.0",
     "react-dom": "^16.3.0"
diff --git a/deprecated-components/richtext-renderer/src/RichtextRenderer.jsx b/deprecated-components/richtext-renderer/src/RichtextRenderer.jsx
index 0df14060d..cab6f32a9 100644
--- a/deprecated-components/richtext-renderer/src/RichtextRenderer.jsx
+++ b/deprecated-components/richtext-renderer/src/RichtextRenderer.jsx
@@ -1,4 +1,5 @@
 import React, { Component } from 'react';
+import DOMPurify from "dompurify";
 
 export default class RichtextRenderer extends Component {
 
@@ -9,7 +10,7 @@ export default class RichtextRenderer extends Component {
       <div
         {...others}
         className={(className ? className + ' ' : '') + 'ice-richtext'}
-        dangerouslySetInnerHTML={{__html: html}}
+        dangerouslySetInnerHTML={{__html: DOMPurify.sanitize(html) }}
       />
     );
   }