From c0b78df28a7c24a602edbadab8b97925b1bb7f61 Mon Sep 17 00:00:00 2001
From: makuga01 <20490978+makuga01@users.noreply.github.com>
Date: Mon, 2 Jan 2023 15:58:28 +0100
Subject: [PATCH] fix CSS injection vuln
---
 src/components/cell.tsx | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/components/cell.tsx b/src/components/cell.tsx
index 8276273..35dd5f0 100644
--- a/src/components/cell.tsx
+++ b/src/components/cell.tsx
@@ -61,8 +61,10 @@ export const Cell = React.memo(function (props: CellProps) {
 const isLongValue = (displayValue || '').length > 23;
 const stringWithLinks = React.useMemo(() => {
 if (!displayValue) return '';
-
- const sanitized = DOMPurify.sanitize(displayValue);
+ const dompurifyConfig = {
+ FORBID_TAGS: ['style', 'form'],
+ }
+ const sanitized = DOMPurify.sanitize(displayValue, dompurifyConfig);
 // Does the sanitized string contain any links?
 if (!linkify.test(sanitized)) return sanitized;
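Review bot: Inline `style` attributes still pass through `DOMPurify.sanitize` with this config, because `FORBID_TAGS: ['style', 'form']` removes only the `<style>` and `<form>` elements while DOMPurify's default attribute allow-list keeps `style`; if cells never need inline styling, add `FORBID_ATTR: ['style'],` next to `FORBID_TAGS`. Form controls such as `<input>`, `<button>` and `<textarea>` are also still allowed outside a `<form>`, so if a cell only ever shows text and links, an allow-list (for example `ALLOWED_TAGS: ['a']` with `ALLOWED_ATTR: ['href']`) would be tighter than extending the deny-list one report at a time. The linkify step runs on the sanitized string and the rest of the `useMemo` callback is outside the hunk, so confirm that whatever markup it adds does not reintroduce attributes taken from `displayValue`. As a minor point, `dompurifyConfig` is constant and could be hoisted to module scope with a short comment stating which injection vectors it is meant to close.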