Create a safeHTML function that can be used everywhere that is based …

…on the one in core.

build/blocks/rsvp-template/view.asset.php

@@ -1 +1 @@
-<?php return array('dependencies' => array('@wordpress/interactivity'), 'version' => 'dfcc7c1f8047b4f5c5c8', 'type' => 'module');
+<?php return array('dependencies' => array('@wordpress/interactivity'), 'version' => 'f3f32604eb20c4bc322a', 'type' => 'module');

build/blocks/rsvp-v2/view.asset.php

@@ -1 +1 @@
-<?php return array('dependencies' => array('@wordpress/interactivity'), 'version' => '22c3b2beeb12d7cd5f38', 'type' => 'module');
+<?php return array('dependencies' => array('@wordpress/interactivity'), 'version' => 'dc3813b00dfe0de045a8', 'type' => 'module');

build/vendors-node_modules_leaflet_dist_leaflet_css-rtl.css

@@ -346,12 +346,12 @@ svg.leaflet-image-layer.leaflet-interactive path {
 	border-radius: 5px;
 	}
 .leaflet-control-layers-toggle {
-	background-image: url(images/layers.png);
+	background-image: url(images/layers.416d9136.png);
 	width: 36px;
 	height: 36px;
 	}
 .leaflet-retina .leaflet-control-layers-toggle {
-	background-image: url(images/layers-2x.png);
+	background-image: url(images/layers-2x.8f2c4d11.png);
 	background-size: 26px 26px;
 	}
 .leaflet-touch .leaflet-control-layers-toggle {
@@ -394,7 +394,7 @@ svg.leaflet-image-layer.leaflet-interactive path {
 
 /* Default icon URLs */
 .leaflet-default-icon-path { /* used only in path-guessing heuristic, see L.Icon.Default */
-	background-image: url(images/marker-icon.png);
+	background-image: url(images/marker-icon.2b3e1faf.png);
 	}
 
 

src/blocks/rsvp-template/view.js

@@ -6,7 +6,7 @@ import { store, getContext, getElement } from '@wordpress/interactivity';
 /**
  * Internal dependencies.
  */
-import { getFromGlobal } from '../../helpers/globals';
+import { getFromGlobal, safeHTML } from '../../helpers/globals';
 
 const { state } = store('gatherpress', {
 	callbacks: {
@@ -49,7 +49,7 @@ const { state } = store('gatherpress', {
 
 						element.ref.insertAdjacentHTML(
 							'beforebegin',
-							global.wp.dom.safeHTML(res.content)
+							safeHTML(res.content)
 						);
 					}
 				})

src/helpers/globals.js

@@ -49,3 +49,42 @@ export function setToGlobal(args, value) {
 	properties.reduce((all, item) => (all[item] ??= {}), GatherPress)[last] =
 		value;
 }
+
+/**
+ * Strip <script> tags and "on*" attributes from HTML to sanitize it.
+ *
+ * This function removes <script> elements and any attributes starting with "on" (e.g., event handlers)
+ * to mitigate potential XSS vulnerabilities. It is a similar implementation to WordPress Core's `safeHTML` function
+ * in `dom.js`, tailored for use when the Core implementation is unavailable or unnecessary.
+ *
+ * @since 1.0.0
+ *
+ * @param {string} html - The raw HTML string to sanitize.
+ *
+ * @return {string} The sanitized HTML string.
+ */
+export function safeHTML(html) {
+	const { body } = document.implementation.createHTMLDocument('');
+	body.innerHTML = html;
+	const elements = body.getElementsByTagName('*');
+	let elementIndex = elements.length;
+
+	while (elementIndex--) {
+		const element = elements[elementIndex];
+		if ('SCRIPT' === element.tagName) {
+			if (element.parentNode) {
+				element.parentNode.removeChild(element);
+			}
+		} else {
+			let attributeIndex = element.attributes.length;
+			while (attributeIndex--) {
+				const { name: key } = element.attributes[attributeIndex];
+				if (key.startsWith('on')) {
+					element.removeAttribute(key);
+				}
+			}
+		}
+	}
+
+	return body.innerHTML;
+}