From 36e81c40c90bc96ad4959a6c1080690aef3a9b90 Mon Sep 17 00:00:00 2001 From: Oliver Walters Date: Thu, 21 May 2026 11:46:37 +0000 Subject: [PATCH] Sanitize before uploading --- src/frontend/src/components/editors/NotesEditor.tsx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/frontend/src/components/editors/NotesEditor.tsx b/src/frontend/src/components/editors/NotesEditor.tsx index fdcec07c31..4f3c1619ae 100644 --- a/src/frontend/src/components/editors/NotesEditor.tsx +++ b/src/frontend/src/components/editors/NotesEditor.tsx @@ -162,8 +162,9 @@ export default function NotesEditor({ const blocks = editor.document; const html = editor.blocksToHTMLLossy(blocks); + const cleanHtml = DOMPurify.sanitize(html); - // TODO: Sanitize the HTML content before sending to the server (or ensure it's sanitized on the back-end) + // Sanitize the HTML content before sending to the server (or ensure it's sanitized on the back-end) if (selectedNote) { const url = apiUrl(ApiEndpoints.note_list, selectedNote); @@ -171,7 +172,7 @@ export default function NotesEditor({ notifications.hide('note-update-status'); api - .patch(url, { content: html }) + .patch(url, { content: cleanHtml }) .then(() => { setIsDirty(false); notifications.show({