From 37f349f04057efd92ea678eac14499d8a01ddebb Mon Sep 17 00:00:00 2001
From: Philipinho <16838612+Philipinho@users.noreply.github.com>
Date: Fri, 6 Feb 2026 17:56:28 -0800
Subject: [PATCH] sanitize output

---
 .../features/editor/components/ai-menu/result-preview.tsx  | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/apps/client/src/features/editor/components/ai-menu/result-preview.tsx b/apps/client/src/features/editor/components/ai-menu/result-preview.tsx
index 330dfaf0..7388f1b1 100644
--- a/apps/client/src/features/editor/components/ai-menu/result-preview.tsx
+++ b/apps/client/src/features/editor/components/ai-menu/result-preview.tsx
@@ -1,4 +1,5 @@
 import { Loader, Paper, Text } from "@mantine/core";
+import DOMPurify from "dompurify";
 import { marked } from "marked";
 import { memo } from "react";
 import classes from "./ai-menu.module.css";
@@ -13,12 +14,12 @@ const ResultPreview = memo(({ output, isLoading }: ResultPreviewProps) => {
   const parsedOutput = `${marked.parse(output)}`;
 
   return (
-    <Paper p="sm" mb={4} withBorder>
-      <Text size="sm">
+    <Paper p="sm" mb={4} shadow="lg" withBorder>
+      <Text size="sm" component="div">
         {parsedOutput && (
           <div
             className={classes.resultPreviewWrapper}
-            dangerouslySetInnerHTML={{ __html: parsedOutput }}
+            dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(parsedOutput) }}
           />
         )}
         {isLoading && <Loader size={12} ml="xs" display="inline-block" />}