added dompurify

author: Nathan-SR <144961007+Nathan-SR@users.noreply.github.com> 2024-10-01 04:17:34 -0400
committer: Nathan-SR <144961007+Nathan-SR@users.noreply.github.com> 2024-10-01 04:17:34 -0400
commit: 111a4775788a52b218d5dbb49ef8c2d83d90ff3e (patch)
tree: 92d5cbd85fc0a956295a7d71a1f500479c06c941 /src
parent: 96883cb177d44ed9e06e800de9b35bda36e6fd1c (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/client/views/collections/collectionSchema/SchemaCellField.tsx b/src/client/views/collections/collectionSchema/SchemaCellField.tsx
index e26dd9646..84e7b62bf 100644
--- a/src/client/views/collections/collectionSchema/SchemaCellField.tsx
+++ b/src/client/views/collections/collectionSchema/SchemaCellField.tsx
@@ -8,6 +8,7 @@ import { FieldView, FieldViewProps } from '../../nodes/FieldView';
 import { ObjectField } from '../../../../fields/ObjectField';
 import { Doc } from '../../../../fields/Doc';
 import { DocumentView } from '../../nodes/DocumentView';
+import DOMPurify from 'dompurify';
 
 /**
  * The SchemaCellField renders text in schema cells while the user is editing, and updates the
@@ -168,7 +169,7 @@ export class SchemaCellField extends ObservableReactComponent<SchemaCellFieldPro
     @action
     setContent = (content: string, restoreCursorPos?: boolean) => {
         const pos = this.cursorPosition;
-        this._displayedContent = this.makeSpans(content);
+        this._displayedContent = DOMPurify.sanitize(this.makeSpans(content));
         restoreCursorPos && setTimeout(() => this.setCursorPosition(pos));
     };
author	Nathan-SR <144961007+Nathan-SR@users.noreply.github.com>	2024-10-01 04:17:34 -0400
committer	Nathan-SR <144961007+Nathan-SR@users.noreply.github.com>	2024-10-01 04:17:34 -0400
commit	111a4775788a52b218d5dbb49ef8c2d83d90ff3e (patch)
tree	92d5cbd85fc0a956295a7d71a1f500479c06c941 /src
parent	96883cb177d44ed9e06e800de9b35bda36e6fd1c (diff)