Use sanitize to clean network html snippet

drips-network · Dec 4, 2024 · 80faf3e · 80faf3e
1 parent cc1e1b8
commit 80faf3e
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/src/lib/flows/claim-project-flow/steps/review/review.svelte b/src/lib/flows/claim-project-flow/steps/review/review.svelte
@@ -40,6 +40,7 @@
   import filterCurrentChainData from '$lib/utils/filter-current-chain-data';
   import network from '$lib/stores/wallet/network';
   import { mapSplitsFromListEditorData } from '$lib/components/splits/utils';
+  import sanitize from 'sanitize-html';
 
   const dispatch = createEventDispatcher<StepComponentEvents>();
 
@@ -249,8 +250,13 @@
           >You can <span class="typo-text-bold">collect your tokens</span> from your
           <span class="typo-text-bold">Drips dashboard</span>.</UlIconLi
         >
-        <UlIconLi icon={TokenStreamsIcon}
-          >{@html network.settlement.recipientsExplainerHtml}</UlIconLi
+        <UlIconLi icon={TokenStreamsIcon}>
+          {@html sanitize(network.settlement.recipientsExplainerHtml, {
+            allowedTags: ['span'],
+            allowedAttributes: {
+              span: ['class'],
+            },
+          })}</UlIconLi
         >
       </ul>
     </div>