From f4258b598a07cf3a7884c73880eff8833138d3ee Mon Sep 17 00:00:00 2001 From: Pedro Lamas Date: Tue, 23 Jun 2026 22:22:03 +0100 Subject: [PATCH] refactor: drop redundant console sanitize Console messages are already sanitized at render via v-safe-html (DOMPurify), and ConsoleItem injects further HTML after the store, so the store-side DOMPurify.sanitize never protected the rendered output. Co-Authored-By: Claude Opus 4.8 Signed-off-by: Pedro Lamas --- src/store/console/actions.ts | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/store/console/actions.ts b/src/store/console/actions.ts index 90385cb18b..5c985c67f3 100644 --- a/src/store/console/actions.ts +++ b/src/store/console/actions.ts @@ -3,7 +3,6 @@ import { Globals } from '@/globals' import type { ConsoleEntry, ConsoleFilter, ConsoleState, PromptDialogButton, PromptDialogItemButton, PromptDialogItemText } from './types' import type { RootState } from '../types' import { SocketActions } from '@/api/socketActions' -import DOMPurify from 'dompurify' import { takeRightWhile } from 'lodash-es' export const actions = { @@ -43,13 +42,17 @@ export const actions = { * Add a console entry */ async onAddConsoleEntry ({ commit, dispatch }, payload: Omit) { - payload.message = DOMPurify.sanitize(payload.message).replace(/\r\n|\r|\n/g, '
') + payload.message = payload.message + .replace(/\r\n|\r|\n/g, '
') + if (!payload.time || payload.time <= 0) { payload.time = Date.now() / 1000 | 0 } + if (!payload.type) { payload.type = 'response' } + if (payload.type === 'response' && payload.message.startsWith('// action:')) { payload.type = 'action' } @@ -66,8 +69,7 @@ export const actions = { if (payload && payload.gcode_store) { const entries = payload.gcode_store .map((entry, index): ConsoleEntry => { - const rawMessage = Globals.CONSOLE_RECEIVE_PREFIX + entry.message - const message = DOMPurify.sanitize(rawMessage) + const message = Globals.CONSOLE_RECEIVE_PREFIX + entry.message .replace(/\r\n|\r|\n/g, '
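Review bot: With the store-side sanitize gone, `onAddConsoleEntry` commits `payload.message` as raw, untrusted markup, and nothing at the assignment records that safety now rests entirely on each consumer rendering through `v-safe-html`. I would add a comment above the assignment, for example `// message is untrusted HTML from here on; render only via v-safe-html, never plain v-html`, and confirm that no other reader of console entries binds or interpolates the message unsanitized (not visible in this diff). The same applies to the `gcode_store` mapping in the later hunk of this file. Separately, `DOMPurify.sanitize` appears to have tolerated a missing or non-string message where `.replace` will throw, so if the socket payload is not guaranteed to be a string, a guard such as `String(payload.message ?? '')` is worth keeping. The body of `onAddConsoleEntry` continues past the end of the hunk.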
') const type = (