From 3cd27ca0aeb210e0a9a116f0d1725e884fec2438 Mon Sep 17 00:00:00 2001
From: Rahul Kumar Rai
Date: Wed, 11 Mar 2026 01:10:09 +0530
Subject: [PATCH 1/3] Fix: Unsafe HTML Rendering with dangerouslySetInnerHTML #7976
---
 package.json | 1 +
 src/components/Page/Page.jsx | 3 ++-
 src/components/Print/PrintScript.jsx | 23 ++++++++++++++---------
 3 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/package.json b/package.json
index b3f2e0091921..bf181b708154 100644
--- a/package.json
+++ b/package.json
@@ -75,6 +75,7 @@
 "dependencies": {
 "@docsearch/react": "^4.6.0",
 "@react-spring/web": "^10.0.3",
+ "dompurify": "^3.3.2",
 "path-browserify": "^1.0.1",
 "prop-types": "^15.8.1",
 "react": "^19.2.4",
diff --git a/src/components/Page/Page.jsx b/src/components/Page/Page.jsx
index 997b0ffae849..befe27e5ee9d 100644
--- a/src/components/Page/Page.jsx
+++ b/src/components/Page/Page.jsx
@@ -1,4 +1,5 @@
 // Import External Dependencies
+import DOMPurify from "dompurify";
 import PropTypes from "prop-types";
 import { useEffect, useState } from "react";
 import { useLocation } from "react-router-dom";
@@ -98,7 +99,7 @@ export default function Page(props) { contentRender = (
);
diff --git a/src/components/Print/PrintScript.jsx b/src/components/Print/PrintScript.jsx
index 3b7d56362d1b..eb64c8429eb9 100644
--- a/src/components/Print/PrintScript.jsx
+++ b/src/components/Print/PrintScript.jsx
@@ -1,12 +1,17 @@
-const printScript = `
-window.matchMedia('print').addListener(function(mql) {
- if (!mql.matches) {
- window.close();
- }
-});
-window.print();
-`;
+import { useEffect } from "react";
 export default function PrintScript() {
- return ;
+ useEffect(() => {
+ const mediaQuery = window.matchMedia("print");
+ const listener = (mql) => {
+ if (!mql.matches) {
+ window.close();
+ }
+ };
+ mediaQuery.addListener(listener);
+ window.print();
+
+ return () => mediaQuery.removeListener(listener);
+ }, []);
+ return null;
 }
From 4549782b7c7463dacb88416d3d50f380ab8372b4 Mon Sep 17 00:00:00 2001
From: Rahul Kumar Rai
Date: Wed, 11 Mar 2026 01:51:24 +0530
Subject: [PATCH 2/3] chore: update yarn.lock after adding dompurify dependency
---
 yarn.lock | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/yarn.lock b/yarn.lock
index c709979a5e76..4c776607c749 100644
--- a/yarn.lock
+++ b/yarn.lock
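Review bot: In PrintScript.jsx the new effect still registers the handler with `mediaQuery.addListener(listener)` and removes it with `removeListener`, both deprecated on MediaQueryList; `mediaQuery.addEventListener("change", listener);` with `return () => mediaQuery.removeEventListener("change", listener);` in the cleanup is the current form. `window.print()` now runs only once React mounts this component on the client, whereas the removed code was a script string, so it is worth confirming that the print route is actually hydrated rather than served as static markup (not visible in this patch). If the tree is wrapped in StrictMode, the effect runs twice in development and may open the print dialog twice.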
@@ -3001,10 +3001,10 @@ resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.5.tgz#cb6e2a691b70cb177c6e3ae9c1d2e8b2ea8cd304" integrity sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA== -"@types/trusted-types@^2.0.2": - version "2.0.2" - resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.2.tgz#fc25ad9943bcac11cceb8168db4f275e0e72e756" - integrity sha512-F5DIZ36YVLE+PN+Zwws4kJogq47hNgX3Nx6WyDJ3kcplxyke3XIzB8uK5n/Lpm1HBsbGzd6nmGehL8cPekP+Tg== +"@types/trusted-types@^2.0.2", "@types/trusted-types@^2.0.7": + version "2.0.7" + resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.7.tgz#baccb07a970b91707df3a3e8ba6896c57ead2d11" + integrity sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw== "@types/unist@*", "@types/unist@^3.0.0": version "3.0.0" @@ -5551,6 +5551,13 @@ domhandler@^5.0.1, domhandler@^5.0.2: dependencies: domelementtype "^2.3.0" +dompurify@^3.3.2: + version "3.3.2" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.3.2.tgz#58c515d0f8508b8749452a028aa589ad80b36325" + integrity sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ== + optionalDependencies: + "@types/trusted-types" "^2.0.7" + domspace@^1.2.1: version "1.2.2" resolved "https://registry.yarnpkg.com/domspace/-/domspace-1.2.2.tgz#d454f854ae1738b7482cf6af16350c413de6b4ee"
From dc9b74748310a83136f2d525d6a496b588f1ae63 Mon Sep 17 00:00:00 2001
From: Rahul Kumar Rai
Date: Wed, 11 Mar 2026 02:17:40 +0530
Subject: [PATCH 3/3] Added DOMPurify sanitization to Page.jsx with allowed tags/attributes and Added null safety check for SVG rendering in SplashViz.jsx
---
 src/components/Page/Page.jsx | 44 +++++++++++++++++++++++++-
 src/components/SplashViz/SplashViz.jsx | 2 +-
 2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/src/components/Page/Page.jsx b/src/components/Page/Page.jsx
index befe27e5ee9d..a2e5a7b26a16 100644
--- a/src/components/Page/Page.jsx
+++ b/src/components/Page/Page.jsx
@@ -99,7 +99,49 @@ export default function Page(props) { contentRender = (
);
diff --git a/src/components/SplashViz/SplashViz.jsx b/src/components/SplashViz/SplashViz.jsx
index 4db6365f47e7..eb7868d3ed65 100644
--- a/src/components/SplashViz/SplashViz.jsx
+++ b/src/components/SplashViz/SplashViz.jsx
@@ -26,7 +26,7 @@ export default class SplashViz extends Component {