fix(website): sanitize result markdown rendering

KristjanESPERANTO · KristjanESPERANTO · commit 89a41870a5b9 · 2026-04-16T11:50:10.000+02:00
diff --git a/website/result.html b/website/result.html
@@ -5,6 +5,7 @@
     <link rel="icon" type="image/x-icon" href="favicon.svg" />
     <link rel="stylesheet" href="result.css" />
     <script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/dompurify@3.2.6/dist/purify.min.js"></script>
   </head>
   <body>
     <div id="markdown-container"></div>
@@ -21,7 +22,8 @@
             );
           }
           const markdownText = await response.text();
-          markdownContainer.innerHTML = marked.parse(markdownText);
+          const renderedMarkdown = marked.parse(markdownText);
+          markdownContainer.innerHTML = DOMPurify.sanitize(renderedMarkdown);
           addHeadingAnchors();
         } catch (error) {
           console.error("Error loading markdown:", error);
@@ -37,6 +39,7 @@
             .replaceAll(" ", "-")
             .replaceAll("&", "")
             .replaceAll("/", "");
+
           const anchor = document.createElement("a");
           anchor.id = anchorId;
           anchor.href = "#" + anchorId;
@@ -48,7 +51,11 @@
         const hash = window.location.hash;
         if (hash) {
           const decodedHash = decodeURIComponent(hash);
-          const target = document.querySelector(decodedHash);
+          const targetId = decodedHash.startsWith("#")
+            ? decodedHash.slice(1)
+            : decodedHash;
+          const target = document.getElementById(targetId);
+
           if (target) {
             target.scrollIntoView();
           }
