From 4924f06a19e21b43e42a98bf8b75229d43eb8b01 Mon Sep 17 00:00:00 2001
From: Amir <eslami.amir76@gmail.com>
Date: Fri, 23 Jul 2021 19:28:45 +0430
Subject: [PATCH] fix(hyperlinking): purify channel descriptions to prevent XSS
 vulnerability

---
 src/components/Channel.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/components/Channel.vue b/src/components/Channel.vue
index 0bd9c06a..fce23adf 100644
--- a/src/components/Channel.vue
+++ b/src/components/Channel.vue
@@ -4,7 +4,7 @@
     <div v-if="channel" v-show="!channel.error">
         <h1 class="uk-text-center"><img height="48" width="48" v-bind:src="channel.avatarUrl" />{{ channel.name }}</h1>
         <img v-if="channel.bannerUrl" v-bind:src="channel.bannerUrl" style="width: 100%" loading="lazy" />
-        <p style="white-space: pre-wrap"><span v-html="urlify(channel.description)"></span></p>
+        <p style="white-space: pre-wrap"><span v-html="purifyHTML(urlify(channel.description))"></span></p>
 
         <button
             v-if="authenticated"