🛡️ Sentinel: [HIGH] Mitigate XSS in CodeBlock rendering via DOMPurify
Sanitize HTML string generated by Shiki before rendering it via `dangerouslySetInnerHTML` in CodeBlockEmbeddable and CodeBlockSidebar.
This commit is contained in:
@@ -20,6 +20,7 @@
|
||||
"dependencies": {
|
||||
"@excalidraw/excalidraw": "^0.18.1",
|
||||
"@modelcontextprotocol/sdk": "^1.29.0",
|
||||
"dompurify": "^3.4.8",
|
||||
"fast-json-patch": "^3.1.1",
|
||||
"mcp-handler": "^1.1.0",
|
||||
"react": "^19.2.6",
|
||||
@@ -29,6 +30,7 @@
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/bun": "^1.3.14",
|
||||
"@types/dompurify": "^3.2.0",
|
||||
"@types/react": "^19.2.15",
|
||||
"@types/react-dom": "^19.2.3",
|
||||
"prettier": "^3.8.3",
|
||||
|
||||
Reference in New Issue
Block a user