From 686a85c768c9d89adfd36e26c466886de3bb22da Mon Sep 17 00:00:00 2001
From: Stefan Zermatten <stefanzermatten@gmail.com>
Date: Mon, 14 Aug 2023 09:55:45 +0200
Subject: [PATCH 1/3] Hotfix XSS vulnerability due to failed sanitization

---
 app/imports/client/ui/components/MarkdownText.vue | 3 ++-
 app/imports/client/ui/markdownCofig.js            | 1 -
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/imports/client/ui/components/MarkdownText.vue b/app/imports/client/ui/components/MarkdownText.vue
index bb133d27..eb0adfe8 100644
--- a/app/imports/client/ui/components/MarkdownText.vue
+++ b/app/imports/client/ui/components/MarkdownText.vue
@@ -9,6 +9,7 @@
 
 <script lang="js">
 import { marked } from 'marked';
+import DOMPurify from 'dompurify';
 
 export default {
   props: {
@@ -20,7 +21,7 @@ export default {
   computed: {
     compiledMarkdown() {
       if (!this.markdown) return;
-      return marked(this.markdown);
+      return DOMPurify.sanitize(marked(this.markdown));
     },
   },
 }
diff --git a/app/imports/client/ui/markdownCofig.js b/app/imports/client/ui/markdownCofig.js
index c0ff6a03..651ff39e 100644
--- a/app/imports/client/ui/markdownCofig.js
+++ b/app/imports/client/ui/markdownCofig.js
@@ -4,7 +4,6 @@ import DOMPurify from 'dompurify';
 marked.setOptions({
   breaks: true,
   gfm: true,
-  sanitizer: DOMPurify.sanitize,
   silent: true,
   smartLists: true,
   smartypants: true,

From e7acdc259cfd6e35fe68e839067e6b30b239c5a0 Mon Sep 17 00:00:00 2001
From: Stefan Zermatten <stefanzermatten@gmail.com>
Date: Mon, 14 Aug 2023 09:56:09 +0200
Subject: [PATCH 2/3] Bumped package number

---
 app/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/package.json b/app/package.json
index 37857bfc..a7fb1d35 100644
--- a/app/package.json
+++ b/app/package.json
@@ -1,6 +1,6 @@
 {
   "name": "dicecloud",
-  "version": "2.0.55",
+  "version": "2.0.56",
   "description": "Unofficial Online Realtime D&D 5e App",
   "license": "GPL-3.0",
   "repository": {

From 206fbb758630e3c562c66ac33c8612fabfe35dc9 Mon Sep 17 00:00:00 2001
From: Stefan Zermatten <stefanzermatten@gmail.com>
Date: Thu, 24 Aug 2023 13:04:00 +0200
Subject: [PATCH 3/3] Bumped version

---
 app/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/package.json b/app/package.json
index a7fb1d35..12f8fd6c 100644
--- a/app/package.json
+++ b/app/package.json
@@ -1,6 +1,6 @@
 {
   "name": "dicecloud",
-  "version": "2.0.56",
+  "version": "2.0.57",
   "description": "Unofficial Online Realtime D&D 5e App",
   "license": "GPL-3.0",
   "repository": {