fix(security): sanitize email rich body render path (#5212)

This commit is contained in:
Ocean Bennett
2026-07-04 17:21:18 -04:00
committed by GitHub
parent 440d99d02c
commit d8d98caa78
3 changed files with 28 additions and 7 deletions
+2 -1
View File
@@ -133,7 +133,7 @@ function _cleanAllowedHtmlOnce(htmlString) {
return tpl.innerHTML;
}
function sanitizeAllowedHtml(html) {
export function sanitizeAllowedHtml(html) {
const raw = String(html == null ? '' : html);
// Non-browser context (e.g. a future SSR/Node import): fail closed by
// escaping rather than trusting the markup.
@@ -824,6 +824,7 @@ export function renderMermaid(container) {
const markdownModule = {
escapeHtml,
mdToHtml,
sanitizeAllowedHtml,
squashOutsideCode,
renderContent,
processWithThinking,