@selemondev selemondev commented Dec 28, 2025

Summary by CodeRabbit

  • Bug Fixes
    • Strengthened security in code block rendering through enhanced HTML content sanitization. This change prevents potential cross-site scripting (XSS) vulnerabilities when displaying code with dynamic or user-generated content. Code blocks now safely process and sanitize all HTML content before rendering to the interface.

coderabbitai bot commented Dec 28, 2025

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Adds dompurify ^3.3.1 as a runtime dependency in packages/vue/package.json. Updates the CodeBlock.vue component to import DOMPurify and sanitize HTML content using DOMPurify.sanitize() before binding it to the v-html directive.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependencies: packages/vue/package.json | Added dompurify ^3.3.1 as runtime dependency |
| Code Block Sanitization: packages/vue/src/components/CodeBlock.vue | Imported DOMPurify and wrapped HTML content with DOMPurify.sanitize() before v-html binding |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Hoppy times! A guardian arrives,
DOMPurify keeps our code alive,
No sneaky scripts shall slip on through—
Sanitized safety, tried and true!

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 18e56df and e72151d.

📒 Files selected for processing (2)
  • packages/vue/package.json
  • packages/vue/src/components/CodeBlock.vue

@selemondev selemondev merged commit 6f04aba into main Dec 28, 2025
7 of 8 checks passed
@selemondev selemondev deleted the chore(security-vue) branch December 28, 2025 12:00