feat(sanitize-html): integrate sanitize-html for product descriptions

- Add sanitize-html package to sanitize product descriptions, ensuring safe rendering of HTML content. - Update PrerenderProduct and ProductDetailPage components to utilize sanitize-html for improved security and content integrity. - Enhance error handling in ProductDetailPage to fallback to plain text if HTML parsing fails.
2025-11-13 06:44:06 +01:00
parent 2bb9a151a3
commit 9e9d9ada4a
4 changed files with 94 additions and 7 deletions
--- a/src/components/ProductDetailPage.js
+++ b/src/components/ProductDetailPage.js
@@ -9,6 +9,7 @@ import LinkIcon from "@mui/icons-material/Link";
 import CodeIcon from "@mui/icons-material/Code";
 import { Link } from "react-router-dom";
 import parse from "html-react-parser";
+import sanitizeHtml from "sanitize-html";
 import AddToCartButton from "./AddToCartButton.js";
 import ProductImage from "./ProductImage.js";
 import Product from "./Product.js";
@@ -1314,9 +1315,16 @@ class ProductDetailPage extends Component {
                "& strong": { fontWeight: 600 },
              }}
            >
-              {product.description ? (
-                parse(product.description)
-              ) : upgrading ? (
+              {product.description ? (() => {
+                try {
+                  // Sanitize HTML to remove invalid tags
+                  return parse(sanitizeHtml(product.description));
+                } catch (error) {
+                  console.warn('Failed to parse product description HTML:', error);
+                  // Fallback to rendering as plain text if HTML parsing fails
+                  return <span>{product.description}</span>;
+                }
+              })() : upgrading ? (
                <Box sx={{ textAlign: "center", py: 2 }}>
                  <Typography variant="body1" color="text.secondary">
                    {this.props.t ? this.props.t('product.loadingDescription') : 'Produktbeschreibung wird geladen...'}