From 44bd32da9e0238ada6a0d11c8f4c7eb39857643f Mon Sep 17 00:00:00 2001
From: Akhilesh Thite
Date: Mon, 15 Jul 2024 18:39:21 +0530
Subject: [PATCH] fix: use .innerHTML with DOMPurify for profile summary to prevent raw html display

---
 actor-profile.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/actor-profile.js b/actor-profile.js
index 9e34f34..5ffd70e 100644
--- a/actor-profile.js
+++ b/actor-profile.js
@@ -1,4 +1,5 @@
 import { db } from './dbInstance.js'
+import DOMPurify from './dependencies/dompurify/purify.js'
 
 class ActorProfile extends HTMLElement {
   static get observedAttributes () {
@@ -96,7 +97,7 @@ class ActorProfile extends HTMLElement {
       if (actorInfo.summary) {
         const pUserSummary = document.createElement('div')
         pUserSummary.classList.add('profile-summary')
-        pUserSummary.textContent = `${actorInfo.summary}`
+        pUserSummary.innerHTML = DOMPurify.sanitize(actorInfo.summary)
         actorContainer.appendChild(pUserSummary) // Append to the actor container
       }
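Review bot: The new `pUserSummary.innerHTML = DOMPurify.sanitize(actorInfo.summary)` line calls sanitize with its default configuration, which admits far more markup than a profile summary needs (images and other embedded content, a wide attribute set), and `actorInfo.summary` appears to be remote-supplied content rather than something this code controls. Passing an allow-list keeps the script-blocking guarantee while removing the remaining surface, for example `DOMPurify.sanitize(actorInfo.summary, { ALLOWED_TAGS: ['p', 'br', 'a', 'b', 'i', 'em', 'strong', 'span'], ALLOWED_ATTR: ['href', 'rel'] })` (tag list is a constructed example to be matched to what the UI actually renders). A short comment on the line stating that the summary is untrusted and why sanitize is the only acceptable path to `innerHTML` would help the next maintainer not regress it. The first hunk imports a vendored copy from `./dependencies/dompurify/purify.js`; recording which upstream release that file corresponds to (in the file header or a manifest) makes future security updates traceable. The method containing the second hunk starts and ends outside the hunk.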