Fix: Unsafe HTML Rendering with dangerouslySetInnerHTML #7976 (PR #7978)

Closed

rahul-kr-rai wants to merge 4 commits into webpack:main from rahul-kr-rai:security-bug

Conversation

@rahul-kr-rai (Contributor)

Summary

Issue Closes: #7976

This PR addresses a critical security vulnerability by fixing unsafe usage of dangerouslySetInnerHTML in three components. The changes eliminate potential XSS risks by either sanitizing HTML content or replacing dangerous patterns with React's safe declarative approach using useEffect.

What kind of change does this PR introduce?

Security Fix: Removes potential XSS vulnerabilities by sanitizing HTML content and eliminating unsafe HTML injection patterns.
Code Refactor: Converts class-based components to functional components where appropriate, improving maintainability.
Dependency Addition: Adds dompurify as a new dependency for HTML sanitization.

Did you add tests for your changes?
Verify it,

Does this PR introduce a breaking change?
No

If relevant, what needs to be documented once your changes are merged or what have you already documented?

Use of AI
Yes, to increase productivity by following the AI policy.
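The three patterns the summary contrasts (raw injection, sanitized injection, and the declarative useEffect form), shown side by side as an added example that is not code from the webpack.js.org repository; it assumes React and the dompurify package are installed, and the component names are made up for illustration:

```jsx
// Added example, not code from the webpack.js.org repository.
// Assumes React and dompurify are installed; RawHtml, SanitizedHtml and
// SplashSvg are made-up names, not components from the site.
import React, { useEffect, useRef } from "react";
import DOMPurify from "dompurify";

// Pattern 1: the markup is injected verbatim. Safe only when `html` is
// trusted build-time content (the maintainers' position for this site);
// unsafe if it can ever come from a user, since <script> tags, on* handlers
// and javascript: URLs in it are rendered as-is.
export function RawHtml({ html }) {
  return <div dangerouslySetInnerHTML={{ __html: html }} />;
}

// Pattern 2: sanitize before injecting. DOMPurify removes scripts,
// event-handler attributes and dangerous URLs. This is the right fix for
// untrusted input, but for trusted static content it only adds a parse and
// serialize pass on every render, which is the performance objection raised
// in the review.
export function SanitizedHtml({ html }) {
  const clean = DOMPurify.sanitize(html);
  return <div dangerouslySetInnerHTML={{ __html: clean }} />;
}

// Pattern 3: no innerHTML at all. The SVG is written as JSX, so any
// interpolated value is escaped by React; DOM side effects run in useEffect
// on a ref, with a null check because the ref is unset on the first pass.
export function SplashSvg({ label, onReady }) {
  const ref = useRef(null);
  useEffect(() => {
    if (ref.current && typeof onReady === "function") {
      onReady(ref.current);
    }
  }, [onReady]);
  return (
    <svg ref={ref} viewBox="0 0 200 40" role="img" aria-label={label}>
      {/* `label` is text content here, so React escapes it */}
      <text x="0" y="25">{label}</text>
    </svg>
  );
}
```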

@vercel bot commented Mar 10, 2026

The latest updates on your projects:

Project: webpack-js-org; Deployment: Ready; Actions: Preview, Comment; Updated (UTC): Mar 11, 2026 7:23pm

@alexander-akait (Member)

tests are broken, please take a look

…s and Added null safety check for SVG rendering in SplashViz.jsx
@rahul-kr-rai (Contributor, Author)

Cypress tests are failing; I will fix them as soon as possible.

@rahul-kr-rai (Contributor, Author)

I tried to solve the Cypress error, but I was unable to do so.

Approach taken

  • Reverted all recent changes
  • Pulled the latest updates from my main branch
  • Ran the tests using yarn cypress:run

Please suggest any alternative approach that helps me fix this error.

@alexander-akait (Member) left a comment

Why do we need it? We pass only safe content into dangerouslySetInnerHTML; it will decrease performance and nothing more.

@rahul-kr-rai (Contributor, Author)

Then what to do? Close the PR and the issue, or make changes? Please suggest which is best.

@alexander-akait (Member)

I think we don't need it at all; we only lose performance here.

@rahul-kr-rai (Contributor, Author)

As per your suggestion, I am closing this PR as well as the issue.

Development

Successfully merging this pull request may close these issues: Unsafe HTML Rendering with dangerouslySetInnerHTML

2 participants