'sub',
'sup',
'ul',
+ 'span',
+ 'section'
],
ALLOWED_ATTR: ['src', 'width', 'height', 'href', 'alt', 'title', 'style' ],
};
-export const sanitizeHTML = (dirtyInput: string): string => DOMPurify.sanitize(dirtyInput, domPurifyConfig);
+export const sanitizeHTML = (dirtyString: string): string => DOMPurify.sanitize(dirtyString, domPurifyConfig);
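Review bot: `ALLOWED_ATTR` still lists `style`, and with `span` and `section` added to the tag list, any generic container in the sanitized HTML can now carry inline CSS. By default DOMPurify does not filter the declarations inside an allowed `style` attribute, so CSS that repositions content over the surrounding UI or references remote URLs would pass through `sanitizeHTML` unchanged. If the banner markup does not need inline styling, drop the attribute: `ALLOWED_ATTR: ['src', 'width', 'height', 'href', 'alt', 'title'],`. Otherwise restrict the permitted properties in an `uponSanitizeAttribute` hook. The start of the `domPurifyConfig` object is outside this hunk; a short comment above it stating who is trusted to supply this HTML would document the assumption.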
import { ArvadosTheme } from "common/custom-theme";
import servicesProvider from "common/service-provider";
import { Dispatch } from "redux";
+import { sanitizeHTML } from "common/html-sanitize";
type CssRules = "dialogContent" | "dialogContentIframe";
>
<div data-cy="confirmation-dialog">
<DialogContent className={props.classes.dialogContent}>
- <div dangerouslySetInnerHTML={{ __html: bannerContents }}></div>
+ <div dangerouslySetInnerHTML={{ __html: sanitizeHTML(bannerContents) }}></div>
</DialogContent>
<DialogActions style={{ margin: "0px 24px 24px" }}>
<Button
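Review bot: The sanitizer is applied only at this one JSX sink, so any other consumer of `bannerContents` in this component would still receive the raw string, and the call is repeated on every render. Sanitizing once where the value is read, for example `const safeBanner = sanitizeHTML(bannerContents);` (the name is constructed for illustration), and passing `safeBanner` to `__html` keeps later uses safe by default. The component body starts and ends outside this hunk, so whether other uses exist cannot be confirmed from here. A test against the `confirmation-dialog` element that supplies banner markup containing a disallowed tag and asserts it is absent from the rendered DOM would pin the behaviour.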