From 73d008655c939f37713171b219c2b9eb97717a49 Mon Sep 17 00:00:00 2001
From: xpoes123
Date: Mon, 29 Jun 2026 23:53:49 -0400
Subject: [PATCH] security: sanitize question HTML with DOMPurify in admin category reports
---
 client/admin/category-reports/index.jsx | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/client/admin/category-reports/index.jsx b/client/admin/category-reports/index.jsx
index f291dbb01..f7310b3bb 100644
--- a/client/admin/category-reports/index.jsx
+++ b/client/admin/category-reports/index.jsx
@@ -1,3 +1,4 @@
+import DOMPurify from 'dompurify';
 import getBonusPartLabel from '../../scripts/utilities/get-bonus-part-label.js';
 import QuestionCard from '../../scripts/components/QuestionCard.jsx';
 import { CATEGORY_TO_ALTERNATE_SUBCATEGORIES, SUBCATEGORY_TO_CATEGORY } from '../../../quizbowl/categories.js';
@@ -23,9 +24,9 @@ function TossupCard ({ tossup }) { >
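Review bot: The new `import DOMPurify from 'dompurify';` has no matching manifest change in this patch, whose diffstat lists only `client/admin/category-reports/index.jsx`. If `dompurify` is not already declared as a direct dependency and pinned in the lockfile, the client build will either fail to resolve it or pick up whatever transitive copy happens to be installed. Because this library is the security control for the page, confirm it is declared explicitly and kept on a release that receives sanitizer-bypass fixes.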
' ? 'bold' : 'normal' }}>{tossup.number}. - +
-
ANSWER:
+
ANSWER:
{packetName ? 'Packet ' + packetName :  } @@ -62,13 +63,13 @@ function BonusCard ({ bonus }) { >
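Review bot: Sanitizing at render time in TossupCard, and again in BonusCard in the next hunk, protects only this admin page; the stored question and answer HTML stays as submitted, so every other view of the same fields needs its own call. The file also imports `QuestionCard` from `../../scripts/components/QuestionCard.jsx`, which this patch does not touch, so it is worth confirming whether that component renders the same fields without sanitizing them. The changed markup is not legible in this rendering of the patch, but the counts suggest five separate inline calls; assuming the sinks are `dangerouslySetInnerHTML`, one helper such as `const toSafeHtml = (html) => ({ __html: DOMPurify.sanitize(html) });` used at each of them would keep the policy in one place. Both component bodies continue outside their hunks.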
' ? 'bold' : 'normal' }}>{bonus.number}. - + {indices.map((i) =>

-

{getBonusPartLabel(i)}

+

{getBonusPartLabel(i)}

ANSWER: - +
)}