Fix code scanning alert no. 18: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
GSA · Dec 19, 2024 · 786eddf · 786eddf
1 parent 3bd45ac
commit 786eddf
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/assets/js/slick.js b/assets/js/slick.js
@@ -15,6 +15,7 @@
 
  */
 /* global window, document, define, jQuery, setInterval, clearInterval */
+import DOMPurify from 'dompurify';
 (function (factory) {
     'use strict';
     if (typeof define === 'function' && define.amd) {
@@ -1459,7 +1460,7 @@
             $('img[data-lazy]', imagesScope).each(function () {
 
                 var image = $(this),
-                    imageSource = $(this).attr('data-lazy'),
+                    imageSource = DOMPurify.sanitize($(this).attr('data-lazy')),
                     imageToLoad = document.createElement('img');
 
                 imageToLoad.onload = function () {