
Commit f5a2888

authored
Merge pull request #18 from withinJoel/alert-autofix-19
Fix code scanning alert no. 19: DOM text reinterpreted as HTML
2 parents 2027bdc + de63f1d commit f5a2888


1 file changed

+6
-2
lines changed


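--- a/Modules/Packages/Detect Face.js
+++ b/Modules/Packages/Detect Face.js
@@ -1,3 +1,5 @@
+import DOMPurify from 'dompurify';
+
 //Detect Faces
 async function detectFaces(data) {
 const existingElement = document.querySelector('[data-role="dynamic-image"]') || document.querySelector('video[data-role="dynamic-video"]') || document.querySelector('[data-role="dynamic-dragged"]');
@@ -23,7 +25,8 @@ async function detectFaces(data) {
 img.style.maxHeight = '500px';
 img.setAttribute('data-role', 'dynamic-image');
 
-const imgSrc = imagedir + data;
+const sanitizedData = DOMPurify.sanitize(data);
+const imgSrc = imagedir + sanitizedData;
 img.src = imgSrc;
 
 // Check if the image source is valid
@@ -75,7 +78,8 @@ async function detectEmotion(data) {
 img.style.maxHeight = '500px';
 img.setAttribute('data-role', 'dynamic-image');
 
-const imgSrc = imagedir + data;
+const sanitizedData = DOMPurify.sanitize(data);
+const imgSrc = imagedir + sanitizedData;
 img.src = imgSrc;
 
 // Check if the image source is valid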
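Review bot: `DOMPurify.sanitize(data)` is an HTML sanitizer, but in both `detectFaces` (new line 28) and `detectEmotion` (new line 81) its result is concatenated into the URL assigned to `img.src`, which is a URL context rather than an HTML one. Sanitizing as HTML does not constrain path segments such as `../` or query and fragment characters, and it can entity-encode characters like `&` in an otherwise valid file name, so the resulting URL may not be the one intended. If `data` is meant to be a single file name, encoding for the URL context fits better, e.g. `const imgSrc = imagedir + encodeURIComponent(data);`, ideally after checking `data` against the expected name pattern. The new bare `import DOMPurify from 'dompurify'` presumably requires this file to be loaded as a module through a bundler or import map, which is worth confirming. Both function bodies continue outside the hunks, so where the HTML sink flagged by the alert actually sits cannot be confirmed from here.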
