From b55b260c89b8cf8ad7aedf6e8f84bf746a0dda5a Mon Sep 17 00:00:00 2001
From: Gandharv
Date: Thu, 31 Mar 2022 08:39:47 +0500
Subject: [PATCH] [docs] sanitize html input for comments (#2677)

---
 frontend/src/Editor/Comment/index.jsx | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/frontend/src/Editor/Comment/index.jsx b/frontend/src/Editor/Comment/index.jsx
index d531d86f4b..f22f7ea511 100644
--- a/frontend/src/Editor/Comment/index.jsx
+++ b/frontend/src/Editor/Comment/index.jsx
@@ -9,6 +9,7 @@ import CommentFooter from '@/Editor/Comment/CommentFooter';
 import usePopover from '@/_hooks/use-popover';
 import { commentsService } from '@/_services';
 import useRouter from '@/_hooks/use-router';
+import DOMPurify from 'dompurify';
 
 const Comment = ({
   socket,
@@ -78,7 +79,7 @@ const Comment = ({
   const handleSubmit = async (comment) => {
     await commentsService.createComment({
       threadId,
-      comment,
+      comment: DOMPurify.sanitize(comment),
       appVersionsId,
     });
     socket.send(
@@ -97,7 +98,7 @@ const Comment = ({
   };
 
   const handleEdit = async (comment, cid) => {
-    await commentsService.updateComment(cid, { comment });
+    await commentsService.updateComment(cid, { comment: DOMPurify.sanitize(comment) });
     fetchData();
     socket.send(
       JSON.stringify({
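Review bot: The new `import DOMPurify from 'dompurify';` is the only dependency change visible, and the diffstat lists a single file, so the frontend package manifest is not updated here; unless dompurify is already declared there, the build will fail to resolve the module — worth confirming since the manifest is outside this diff. A one-line comment on the import, `// sanitizes comment HTML before it is submitted to the comments API`, would also tell a reader why a DOM sanitizer lives in this component.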
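Review bot: Wrapping the value in `DOMPurify.sanitize(comment)` inside handleSubmit only cleans what this UI sends; a client that calls the comments API directly can still store unsanitized HTML, so the server side (or the component that renders comments) must sanitize or escape as well, and the same applies to the handleEdit hunk. DOMPurify also silently strips disallowed markup from what the user typed, so if comments are rendered as text rather than HTML, escaping at render time would be the lossless choice; the rendering path and the API handler are not in this diff. Both handleSubmit and handleEdit continue outside their hunks.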