fix: sanitize message in notification component (#2664)

fix: sanitize messages in notification component
2025-04-19 12:57:17 +00:00 · 2025-03-24 11:42:48 +00:00 · 2025-03-24 11:42:48 +00:00 · d298b3ffc9
commit d298b3ffc9
parent 9ab87bf8b5
1 changed files with 2 additions and 1 deletions
--- a/arduino-ide-extension/src/browser/theia/messages/notification-component.tsx
+++ b/arduino-ide-extension/src/browser/theia/messages/notification-component.tsx
@ -2,6 +2,7 @@ import React from '@theia/core/shared/react';
 import { NotificationComponent as TheiaNotificationComponent } from '@theia/messages/lib/browser/notification-component';
 import { nls } from '@theia/core/lib/common';
 import { codicon } from '@theia/core/lib/browser';
+import { sanitize } from 'dompurify';

 export class NotificationComponent extends TheiaNotificationComponent {
  override render(): React.ReactNode {
@ -20,7 +21,7 @@ export class NotificationComponent extends TheiaNotificationComponent {
            />
            <div className="theia-notification-message">
              <span
-                dangerouslySetInnerHTML={{ __html: message }}
+                dangerouslySetInnerHTML={{ __html: sanitize(message) }}
                onClick={this.onMessageClick}
              />
            </div>