From 8363c5c3cf354edf621b43e832298647e4e83b3f Mon Sep 17 00:00:00 2001
From: Julie Lenaerts
Date: Thu, 9 Nov 2023 19:21:52 +0100
Subject: [PATCH] Add use of DOMPurify to sanitize text from possible injection
---
 .../public/vuejs/HomepageWidget/DashboardWidgets/News.vue | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/Bundle/ChillMainBundle/Resources/public/vuejs/HomepageWidget/DashboardWidgets/News.vue b/src/Bundle/ChillMainBundle/Resources/public/vuejs/HomepageWidget/DashboardWidgets/News.vue
index 679eed8b4..366dfa329 100644
--- a/src/Bundle/ChillMainBundle/Resources/public/vuejs/HomepageWidget/DashboardWidgets/News.vue
+++ b/src/Bundle/ChillMainBundle/Resources/public/vuejs/HomepageWidget/DashboardWidgets/News.vue
@@ -30,6 +30,8 @@ import { onMounted, ref } from 'vue'
 import {makeFetch} from "ChillMainAssets/lib/api/apiMethods";
 import Modal from '../../_components/Modal.vue'; // Adjust the import path
 import { marked } from 'marked';
+import DOMPurify from 'dompurify';
+
 const newsItems = ref([])
@@ -59,7 +61,11 @@ const truncateContent = (content, maxLength = 100) => {
 };
 const convertMarkdownToHtml = (markdown) => {
- return marked(markdown);
+ const rawHtml = marked(markdown);
+ return rawHtml;
+/* console.log('rawhtml', rawHtml)
+ console.log('sanitized', DOMPurify.sanitize(rawHtml))
+ return DOMPurify.sanitize(rawHtml)*/
 };
 const truncateMarkdownContent = (content, maxLength = 100) => {
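Review bot: `convertMarkdownToHtml` still returns the unsanitized `marked()` output: the live lines are `const rawHtml = marked(markdown); return rawHtml;`, and the only `DOMPurify.sanitize` call sits inside the `/* ... */` block below them, so despite the commit title no sanitization happens and the new `import DOMPurify from 'dompurify';` in the first hunk is unused. Since `marked` does not sanitize its output, whatever consumes this return value (presumably a `v-html` binding, not visible here) still receives markup built from news content as-is. The function should end with `return DOMPurify.sanitize(rawHtml);` and the commented-out `console.log` debugging block should be deleted rather than committed. If the raw HTML is needed for debugging, that belongs in a local branch, not in the module's return path.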