diff --git a/apps/web/modules/survey/follow-ups/components/follow-up-email.tsx b/apps/web/modules/survey/follow-ups/components/follow-up-email.tsx
index 62eb62834f..6ca82315e3 100644
--- a/apps/web/modules/survey/follow-ups/components/follow-up-email.tsx
+++ b/apps/web/modules/survey/follow-ups/components/follow-up-email.tsx
@@ -1,6 +1,6 @@
 import { Column, Hr, Row, Text } from "@react-email/components";
-import dompurify from "isomorphic-dompurify";
 import React from "react";
+import sanitizeHtml from "sanitize-html";
 import { TSurveyFollowUp } from "@formbricks/database/types/survey-follow-up";
 import { TResponse } from "@formbricks/types/responses";
 import { TSurvey } from "@formbricks/types/surveys/types";
@@ -35,11 +35,16 @@ export async function FollowUpEmail(props: FollowUpEmailProps): Promise
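Review bot: The `sanitizeHtml` import added in the first hunk swaps the email body's sanitizer for one with a different default allowlist, and nothing visible documents which policy the template now depends on. The call site sits in the `@@ -35,11 +35,16 @@` hunk of `FollowUpEmail`, whose body is not shown on this page, so whether options are passed cannot be confirmed from here. sanitize-html's defaults drop tags such as `img` that DOMPurify kept, so the call should pass an explicit `allowedTags` / `allowedAttributes` / `allowedSchemes` object rather than rely on defaults, and carry a comment such as `// explicit allowlist for follow-up email bodies; anything not listed is stripped`. A unit test asserting that event-handler attributes and link schemes other than http(s)/mailto are removed from the rendered body would pin the behaviour across future sanitizer upgrades.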
diff --git a/apps/web/package.json b/apps/web/package.json
index 5edbc13399..f3b8cb7616 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -72,8 +72,8 @@
 "@radix-ui/react-tooltip": "1.2.6",
 "@react-email/components": "0.0.38",
 "@sentry/nextjs": "10.5.0",
- "@tailwindcss/forms": "0.5.10",
 "@t3-oss/env-nextjs": "0.13.4",
+ "@tailwindcss/forms": "0.5.10",
 "@tailwindcss/typography": "0.5.16",
 "@tanstack/react-table": "8.21.3",
 "@ungap/structured-clone": "1.3.0",
@@ -111,16 +111,17 @@
 "prismjs": "1.30.0",
 "qr-code-styling": "1.9.2",
 "qrcode": "1.5.4",
+ "react-calendar": "5.1.0",
 "react-colorful": "5.6.1",
 "react-confetti": "6.4.0",
 "react-day-picker": "9.6.7",
 "react-hook-form": "7.56.2",
 "react-hot-toast": "2.5.2",
- "react-calendar": "5.1.0",
 "react-i18next": "15.7.3",
 "react-turnstile": "1.1.4",
 "react-use": "17.6.0",
 "redis": "4.7.0",
+ "sanitize-html": "2.17.0",
 "server-only": "0.0.1",
 "sharp": "0.34.1",
 "stripe": "16.12.0",
@@ -148,6 +149,7 @@
 "@types/nodemailer": "7.0.2",
 "@types/papaparse": "5.3.15",
 "@types/qrcode": "1.5.5",
+ "@types/sanitize-html": "2.16.0",
 "@types/testing-library__react": "10.2.0",
 "@types/ungap__structured-clone": "1.2.0",
 "@vitest/coverage-v8": "3.1.3",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index f45506f2db..96d53d1626 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -423,6 +423,9 @@ importers: redis: specifier: 4.7.0 version: 4.7.0 + sanitize-html: + specifier: 2.17.0 + version: 2.17.0 server-only: specifier: 0.0.1 version: 0.0.1 @@ -499,6 +502,9 @@ importers: '@types/qrcode': specifier: 1.5.5 version: 1.5.5 + '@types/sanitize-html': + specifier: 2.16.0 + version: 2.16.0 '@types/testing-library__react': specifier: 10.2.0 version: 10.2.0(@testing-library/dom@8.20.1)(@types/react-dom@19.2.1(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.1(react@19.2.1))(react@19.2.1) 
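Review bot: None of the visible `apps/web/package.json` hunks (nor the lockfile hunks) removes `isomorphic-dompurify`, although `follow-up-email.tsx` stops importing it in this commit. If no other module still uses it, the entry and its lockfile records should be dropped in the same change, wherever it is declared, so the unused sanitizer and its transitive dependencies leave the install footprint. If it is still used elsewhere, the app now ships two HTML sanitizers with different policies, which deserves a sentence in the commit description so later reviewers know which one guards which output.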
@@ -4877,6 +4883,9 @@ packages: '@types/resolve@1.20.6': resolution: {integrity: sha512-A4STmOXPhMUtHH+S6ymgE2GiBSMqf4oTvcQZMcHzokuTLVYzXTB8ttjcgxOVaAp2lGwEdzZ0J+cRbbeevQj1UQ==} + '@types/sanitize-html@2.16.0': + resolution: {integrity: sha512-l6rX1MUXje5ztPT0cAFtUayXF06DqPhRyfVXareEN5gGCFaP/iwsxIyKODr9XDhfxPpN6vXUFNfo5kZMXCxBtw==} + '@types/semver@7.7.1': resolution: {integrity: sha512-FmgJfu+MOcQ370SD0ev7EI8TlCAfKYU+B4m5T3yXc1CiRN94g/SZPtsCkk506aUDtlMnFZvasDwHHUcZUEaYuA==} @@ -7411,6 +7420,10 @@ packages: resolution: {integrity: sha512-+Pgi+vMuUNkJyExiMBt5IlFoMyKnr5zhJ4Uspz58WOhBF5QoIZkFyNHIbBAtHwzVAgk5RtndVNsDRN61/mmDqg==} engines: {node: '>=12'} + is-plain-object@5.0.0: + resolution: {integrity: sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==} + engines: {node: '>=0.10.0'} + is-potential-custom-element-name@1.0.1: resolution: {integrity: sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==} @@ -8431,6 +8444,9 @@ packages: resolution: {integrity: sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==} engines: {node: '>=8'} + parse-srcset@1.0.2: + resolution: {integrity: sha512-/2qh0lav6CmI15FzA3i/2Bzk2zCgQhGMkvhOhKNcBVQ1ldgpbfiNTVslmooUmWJcADi1f1kIeynbDRVzNlfR6Q==} + parse5@8.0.0: resolution: {integrity: sha512-9m4m5GSgXjL4AjumKzq1Fgfp3Z8rsvjRNbnkVwfu2ImRqE5D0LnY2QfDen18FSY9C573YU5XxSapdHZTZ2WolA==} @@ -9195,6 +9211,9 @@ packages: safer-buffer@2.1.2: resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==} + sanitize-html@2.17.0: + resolution: {integrity: sha512-dLAADUSS8rBwhaevT12yCezvioCA+bmUTPH/u57xKPT8d++voeYE6HeluA/bPbQ15TwDBG2ii+QZIEmYx8VdxA==} + satori@0.16.0: resolution: {integrity: sha512-ZvHN3ygzZ8FuxjSNB+mKBiF/NIoqHzlBGbD0MJiT+MvSsFOvotnWOhdTjxKzhHRT2wPC1QbhLzx2q/Y83VhfYQ==} engines: {node: '>=16'} 
@@ -15890,6 +15909,10 @@ snapshots: '@types/resolve@1.20.6': {} + '@types/sanitize-html@2.16.0': + dependencies: + htmlparser2: 8.0.2 + '@types/semver@7.7.1': {} '@types/shimmer@1.2.0': {} @@ -18923,6 +18946,8 @@ snapshots: is-plain-obj@4.1.0: {} + is-plain-object@5.0.0: {} + is-potential-custom-element-name@1.0.1: {} is-property@1.0.2: {} @@ -19971,6 +19996,8 @@ snapshots: json-parse-even-better-errors: 2.3.1 lines-and-columns: 1.2.4 + parse-srcset@1.0.2: {} + parse5@8.0.0: dependencies: entities: 6.0.1 @@ -20790,6 +20817,15 @@ snapshots: safer-buffer@2.1.2: {} + sanitize-html@2.17.0: + dependencies: + deepmerge: 4.3.1 + escape-string-regexp: 4.0.0 + htmlparser2: 8.0.2 + is-plain-object: 5.0.0 + parse-srcset: 1.0.2 + postcss: 8.5.3 + satori@0.16.0: dependencies: '@shuding/opentype.js': 1.4.0-beta.0