Fix code scanning alert no. 5: Incomplete multi-character sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
inferablehq · Nov 28, 2024 · 808dfec · 808dfec
1 parent 911c0e5
commit 808dfec
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 8 deletions.
diff --git a/app/app/clusters/[clusterId]/configs/global/page.tsx b/app/app/clusters/[clusterId]/configs/global/page.tsx
@@ -17,9 +17,9 @@ import "@mdxeditor/editor/style.css";
 import { ClientInferResponseBody } from "@ts-rest/core";
 import { useCallback, useEffect, useState } from "react";
 import toast from "react-hot-toast";
+import sanitizeHtml from "sanitize-html";
 
 // Import necessary plugins
-
 export default function Page({ params }: { params: { clusterId: string } }) {
   const { getToken } = useAuth();
   const [clusterContext, setClusterContext] = useState<
@@ -43,12 +43,10 @@ export default function Page({ params }: { params: { clusterId: string } }) {
 
     if (response.status === 200) {
       setClusterContext(response.body.additionalContext);
-      const withoutHtmlTags =
-        response.body.additionalContext?.current.content.replace(
-          /<[^>]*>?/g,
-          "",
-        );
-      setActivePrompt(withoutHtmlTags ?? "");
+      const sanitizedContent = sanitizeHtml(
+        response.body.additionalContext?.current.content ?? ""
+      );
+      setActivePrompt(sanitizedContent);
       setFetched(true);
     } else {
       throw new Error(`Failed to fetch cluster context: ${response.status}`);

diff --git a/app/package.json b/app/package.json
@@ -80,7 +80,8 @@
     "ulid": "^2.3.0",
     "usehooks-ts": "^3.1.0",
     "vaul": "^0.9.1",
-    "zod": "^3.23.8"
+    "zod": "^3.23.8",
+    "sanitize-html": "^2.13.1"
   },
   "devDependencies": {
     "@types/dompurify": "^3.0.5",