feat(sanitization): integrate DOMPurify for HTML sanitization across components

- Added DOMPurify library to sanitize HTML content in toast notifications and other components to prevent XSS vulnerabilities.
- Updated relevant components to use the new `sanitizeHTML` function for safe rendering of HTML content.
- Ensured that only allowed tags and attributes are permitted in sanitized output.
This commit is contained in:
Andras Bacsai
2025-08-19 10:34:54 +02:00
parent f02c36985f
commit 6727fd958f
8 changed files with 77 additions and 44 deletions

@@ -29,7 +29,7 @@
<x-resource-view>
<x-slot:title><span x-text="application.name"></span></x-slot>
<x-slot:description>
<span x-html="application.description"></span>
<span x-html="window.sanitizeHTML(application.description)"></span>
</x-slot>
<x-slot:logo>
<img class="w-[4.5rem] aspect-square h-[4.5rem] p-2 transition-all duration-200 dark:opacity-30 grayscale group-hover:grayscale-0 group-hover:opacity-100 dark:bg-white/10 bg-black/10"
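Review bot: the `x-html="window.sanitizeHTML(application.description)"` binding keeps an HTML sink for a field that may not need one. The title directly above uses `x-text`, and so does `database.description` in the next hunk. If application descriptions are plain text, switching this span to `x-text="application.description"` removes the sink entirely and the sanitizer call with it. If markup is required here, add a short template comment saying which tags are expected, so the allowlist can be checked against it. The expression also depends on `window.sanitizeHTML` being defined before Alpine evaluates it; nothing in this hunk guarantees that. It is worth confirming the load order so a missing global fails as an empty description rather than a thrown expression.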
@@ -66,7 +66,7 @@
<x-slot:description><span x-text="database.description"></span></x-slot>
<x-slot:logo>
<span x-show="database.logo">
<span x-html="database.logo"></span>
<span x-html="window.sanitizeHTML(database.logo)"></span>
</span>
</x-slot>
</x-resource-view>
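Review bot: the wrapper `<span x-show="database.logo">` still tests the raw value while the inner span renders `window.sanitizeHTML(database.logo)`, so the two can disagree. If the sanitizer strips the whole logo (for example, if the logo is markup whose tags are not on the allowlist the commit message mentions), the wrapper stays visible around an empty span. Consider evaluating the sanitized string once and using it for both `x-show` and `x-html`. Also check that the allowed tags and attributes cover whatever format `database.logo` actually contains, so existing logos do not silently disappear.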