From b9ccf1700fbe8368a2da7c4028a7ed182b1c338c Mon Sep 17 00:00:00 2001
From: Ramon Wenger
Date: Thu, 20 Jan 2022 17:20:34 +0100
Subject: [PATCH] Sanitize user input

---
 client/src/helpers/text.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/client/src/helpers/text.js b/client/src/helpers/text.js
index 58c7780f..6802f773 100644
--- a/client/src/helpers/text.js
+++ b/client/src/helpers/text.js
@@ -1,6 +1,12 @@
+const sanitize = html => {
+ let doc = new DOMParser().parseFromString(html, 'text/html');
+ return doc.body.textContent || '';
+};
+
 export const newLineToParagraph = (text) => {
 return text
 .split(/\n+/)
+ .map(sanitize)// sanitize after the split, because the sanitizer would probably remove the newlines
 .map(p => `

${p}

`)
 .join('');
 };
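Review bot: The new `sanitize` helper (first four added lines) returns decoded plain text, not HTML-safe text: DOMParser resolves entities, so an input like `&lt;b&gt;` comes back as `<b>`, and `.map(sanitize)` then hands that value unescaped into the HTML template literal of the following `.map`. If the joined string is later rendered as HTML (the consumer is outside this hunk), tag-stripped but unescaped text can still turn into live markup, which undercuts the purpose of the patch. Escape the extracted text before it reaches the template, e.g. replace the helper body with `const text = new DOMParser().parseFromString(html, 'text/html').body.textContent || '';` followed by `return text.replace(/[&<>"']/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));`. `let doc` is never reassigned and should be `const`, and a name such as `toEscapedText` would describe what the helper does more accurately than `sanitize`. The added `.map(sanitize)// sanitize after the split …` comment also needs a space before `//`.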