New widgets by rajat1saxena · Pull Request #577 · codelitdev/courselit

rajat1saxena · 2025-04-26T17:51:26Z

As seen in

vercel · 2025-04-26T17:51:28Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
courselit-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 29, 2025 0:42am

+                                    processedSvg(svgCode, svgStyle) ||
+                                    '<div class="text-red-500">Invalid SVG</div>',


To fix the issue, we need to ensure that the svgCode passed to dangerouslySetInnerHTML is sanitized to prevent XSS. This can be achieved by using a library like DOMPurify to sanitize the SVG content before rendering it. DOMPurify is a well-known library for sanitizing HTML and SVG content, ensuring that only safe elements and attributes are allowed.

Steps to fix:

Install the dompurify library if it is not already installed.

Import DOMPurify into the file.

Use DOMPurify.sanitize to sanitize the output of processedSvg before passing it to dangerouslySetInnerHTML.

+                                __html: processedSvg(
+                                    '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-star-icon lucide-star"><path d="M11.525 2.295a.53.53 0 0 1 .95 0l2.31 4.679a2.123 2.123 0 0 0 1.595 1.16l5.166.756a.53.53 0 0 1 .294.904l-3.736 3.638a2.123 2.123 0 0 0-.611 1.878l.882 5.14a.53.53 0 0 1-.771.56l-4.618-2.428a2.122 2.122 0 0 0-1.973 0L6.396 21.01a.53.53 0 0 1-.77-.56l.881-5.139a2.122 2.122 0 0 0-.611-1.879L2.16 9.795a.53.53 0 0 1 .294-.906l5.165-.755a2.122 2.122 0 0 0 1.597-1.16z"/></svg>',
+                                    internalSvgStyle,
+                                ),


To fix the issue, we need to ensure that any data passed to dangerouslySetInnerHTML is sanitized to prevent XSS attacks. This can be achieved by using a library like DOMPurify to sanitize the SVG content before injecting it into the DOM. DOMPurify is a well-known library for sanitizing HTML and SVG content, and it is widely used to mitigate XSS vulnerabilities.

Steps to fix:

Install the dompurify library as a dependency.

Import DOMPurify in the helpers.ts file where the processedSvg function is defined.

Use DOMPurify.sanitize to sanitize the SVG content before returning it from the processedSvg function.

Ensure that the sanitized SVG content is used in the dangerouslySetInnerHTML property.

+                            </p>
+                            <div
+                                className="w-[100px] h-[60px] flex items-center justify-center"
+                                dangerouslySetInnerHTML={{ __html: svgText }}


To fix the issue, we need to sanitize the svgText input before using it in dangerouslySetInnerHTML. A well-known library like dompurify can be used to sanitize the input, ensuring that only safe HTML is allowed. This approach preserves the functionality of rendering SVG content while mitigating the XSS risk.

Steps to implement the fix:

Install the dompurify library if it is not already installed.

Import dompurify into the file.

Use DOMPurify.sanitize to sanitize the svgText value before passing it to dangerouslySetInnerHTML.

+    const contentRef = useRef<HTMLDivElement>(null);
+
+    // Convert children to array
+    const childrenArray = React.Children.toArray(children);


To fix the issue, the unused variable childrenArray should be removed from the code. This involves deleting its declaration on line 29. Since the variable is not used anywhere else in the code, no additional changes are required. This will improve code clarity and eliminate the unnecessary computation of React.Children.toArray(children).

Icons in the grid block

32c90c7

vercel bot deployed to Preview April 26, 2025 17:52 View deployment

github-advanced-security AI found potential problems Apr 26, 2025

View reviewed changes

New components: Embed and Marquee

3079b25

vercel bot deployed to Preview April 29, 2025 12:04 View deployment

github-advanced-security AI found potential problems Apr 29, 2025

View reviewed changes

Added missing import

c6dba42

vercel bot deployed to Preview April 29, 2025 12:42 View deployment

rajat1saxena closed this Oct 3, 2025

@@ -63,3 +63,4 @@
                     "clsx": "^2.1.1",
-                    "react-redux": "^8.1.2"
+                    "react-redux": "^8.1.2",
+                    "dompurify": "^3.2.5"
                 },

Package	Version	Security advisories
dompurify (npm)	3.2.5	None

@@ -18,2 +18,4 @@
+            import DOMPurify from "dompurify";
             export const processedSvg = (
@@ -27,3 +29,3 @@
                 // For other SVGs, replace the fill attribute if it exists
-                return svgCode
+                const updatedSvgCode = svgCode
                     .replace(/currentColor/g, svgStyle.svgColor)
@@ -34,2 +36,5 @@
                     .replace(/<svg/, '<svg width="100%" height="100%"');
+                // Sanitize the SVG content to prevent XSS
+                return DOMPurify.sanitize(updatedSvgCode, { USE_PROFILES: { svg: true } });
             };

@@ -63,3 +63,4 @@
                     "clsx": "^2.1.1",
-                    "react-redux": "^8.1.2"
+                    "react-redux": "^8.1.2",
+                    "dompurify": "^3.2.5"
                 },

Package	Version	Security advisories
dompurify (npm)	3.2.5	None

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New widgets#577

New widgets#577
rajat1saxena wants to merge 3 commits intomainfrom
page-builder-new-widgets

rajat1saxena commented Apr 26, 2025

Uh oh!

vercel bot commented Apr 26, 2025 •

edited

Loading

Uh oh!

Check warning

Copilot Autofix

Check warning

Copilot Autofix

Check warning

Copilot Autofix

Check notice

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

		processedSvg(svgCode, svgStyle) \|\|
		'<div class="text-red-500">Invalid SVG</div>',

@@ -1,2 +1,3 @@
             import React from "react";
+            import DOMPurify from "dompurify";
             import {
@@ -79,3 +80,3 @@
                                             className="w-[100px] h-[60px] flex items-center justify-center"
-                                            dangerouslySetInnerHTML={{ __html: svgText }}
+                                            dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(svgText) }}
                                         />

Conversation

rajat1saxena commented Apr 26, 2025

Uh oh!

vercel bot commented Apr 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Check warning

Uh oh!

Uh oh!

Copilot Autofix

Check warning

Uh oh!

Copilot Autofix

Check warning

Uh oh!

Copilot Autofix

Check notice

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

vercel bot commented Apr 26, 2025 •

edited

Loading