Merge commit from fork
* Rework frontend code interacting directly with DOM Rework frontend code that uses user-supplied data to render things like comments and notes. In places where using React's built-in sanitization is possible, the feature is used. In other places, where some markup might be necessary, DOMPurify is used to sanitize the HTML before rendering it. Solves: GHSA-rh3r-8pxm-hg4w * Remove test post DOM rework * fixup! Rework frontend code interacting directly with DOM
@@ -7,6 +7,7 @@ import config from '../config'
|
||||
import { LoveButton, RatingField } from '../common'
|
||||
import Lightbox from 'react-image-lightbox'
|
||||
import subsonic from '../subsonic'
|
||||
import { SafeHTML } from '../common/SafeHTML'
|
||||
|
||||
const useStyles = makeStyles(
|
||||
(theme) => ({
|
||||
@@ -168,7 +169,7 @@ const MobileArtistDetails = ({ artistInfo, biography, record }) => {
|
||||
<div className={classes.biography}>
|
||||
<Collapse collapsedHeight={'1.5em'} in={expanded} timeout={'auto'}>
|
||||
<Typography variant={'body1'} onClick={() => setExpanded(!expanded)}>
|
||||
<span dangerouslySetInnerHTML={{ __html: biography }} />
|
||||
<span><SafeHTML>{biography}</SafeHTML></span>
|
||||
</Typography>
|
||||
</Collapse>
|
||||
</div>
|
||||
|
||||
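Review bot: The replacement line `<span><SafeHTML>{biography}</SafeHTML></span>` in MobileArtistDetails carries no hint that `biography` may hold untrusted HTML, so a later edit could reintroduce `dangerouslySetInnerHTML` here without anyone noticing the regression; I would add `{/* biography may contain untrusted HTML: render it only through SafeHTML */}` directly above it. SafeHTML itself is not visible in this section, so its sanitizer configuration cannot be checked from here; if it keeps `<a>` elements, it is worth confirming there that links opening in a new tab get `rel="noopener noreferrer"`, which DOMPurify does not add by default. The outer `<span>` may also be redundant if SafeHTML already renders its own wrapper element. The component body starts and ends outside the hunk.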