feat: add HTML sanitization for notification messages
Implement sanitizeHtmlWithStyles utility to safely render HTML content in notification messages while removing dangerous tags and attributes. Update NotificationDetailsCard to use dangerouslySetInnerHTML with sanitization for message display.
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
"use client";
|
||||
import { TNotificationDetailsResponse } from "@/lib/api/types/NotificationHistory";
|
||||
import { capitalize, unixToDate } from "@/utils/shared";
|
||||
import { sanitizeHtmlWithStyles } from "@/lib/utils";
|
||||
import { FC } from "react";
|
||||
import IsVisible from "./IsVisible";
|
||||
import Status from "./Status";
|
||||
@@ -43,7 +44,12 @@ export const NotificationDetailsCard: FC<IProps> = ({ data }) => {
|
||||
<IsVisible condition={!!data.message}>
|
||||
<hr className="my-5" />
|
||||
<DetailItem title="Message">
|
||||
<p className="text-base leading-relaxed">{data.message}</p>
|
||||
<div
|
||||
className="text-base leading-relaxed"
|
||||
dangerouslySetInnerHTML={{
|
||||
__html: sanitizeHtmlWithStyles(data.message || '')
|
||||
}}
|
||||
/>
|
||||
</DetailItem>
|
||||
</IsVisible>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user