From e71dbf15f3de1ff4aa9df4aab2185c7bd254570d Mon Sep 17 00:00:00 2001
From: Ayo <ramon.aycojr@gmail.com>
Date: Thu, 1 Jun 2023 09:29:26 +0200
Subject: [PATCH] feat: sanitize reply content

---
 assets/js/webmention-utils.mjs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/assets/js/webmention-utils.mjs b/assets/js/webmention-utils.mjs
index 376afd4..6e72a8b 100644
--- a/assets/js/webmention-utils.mjs
+++ b/assets/js/webmention-utils.mjs
@@ -62,7 +62,8 @@ function createRepliesBlock(replies, heading) {
     ).toLocaleDateString()}</a><div class="clear-both"></div>`;
     const card = document.createElement("div");
     card.className = "reply-card";
-    card.innerHTML = reply.content.html;
+    const sanitizer = new Sanitizer();
+    card.setHTML(reply.content.html, { sanitizer });
     card.insertBefore(author, card.firstChild);
     cell.appendChild(card);
     repliesTable.append(row);