From 111a4775788a52b218d5dbb49ef8c2d83d90ff3e Mon Sep 17 00:00:00 2001
From: Nathan-SR <144961007+Nathan-SR@users.noreply.github.com>
Date: Tue, 1 Oct 2024 04:17:34 -0400
Subject: added dompurify

---
 src/client/views/collections/collectionSchema/SchemaCellField.tsx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/client/views/collections/collectionSchema/SchemaCellField.tsx b/src/client/views/collections/collectionSchema/SchemaCellField.tsx
index e26dd9646..84e7b62bf 100644
--- a/src/client/views/collections/collectionSchema/SchemaCellField.tsx
+++ b/src/client/views/collections/collectionSchema/SchemaCellField.tsx
@@ -8,6 +8,7 @@ import { FieldView, FieldViewProps } from '../../nodes/FieldView';
 import { ObjectField } from '../../../../fields/ObjectField';
 import { Doc } from '../../../../fields/Doc';
 import { DocumentView } from '../../nodes/DocumentView';
+import DOMPurify from 'dompurify';
 
 /**
 * The SchemaCellField renders text in schema cells while the user is editing, and updates the
@@ -168,7 +169,7 @@ export class SchemaCellField extends ObservableReactComponent {
 const pos = this.cursorPosition;
- this._displayedContent = this.makeSpans(content);
+ this._displayedContent = DOMPurify.sanitize(this.makeSpans(content));
 restoreCursorPos && setTimeout(() => this.setCursorPosition(pos));
 };
-- 
cgit v1.2.3-70-g09d2
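Review bot: `DOMPurify.sanitize` is called with its default profile in `setContent`, which still lets through far more markup than a schema cell needs (links, images, form controls, inline styles), so text typed or pasted into a cell can still render as HTML elements rather than as text. If `makeSpans` only emits `<span>` wrappers, which its body outside this hunk would have to confirm, narrow the call to an allow-list: `this._displayedContent = DOMPurify.sanitize(this.makeSpans(content), { ALLOWED_TAGS: ['span'], ALLOWED_ATTR: ['class', 'style'] });`. The more robust fix is to HTML-escape the cell text inside `makeSpans` before wrapping it, and to keep this call as a second layer. Any other assignment to `_displayedContent` outside the hunk should go through the same sanitizer, since only this one write is covered here.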