From e5ebdb5fc839ee94cdb54a6a9eff43f1a8f2374f Mon Sep 17 00:00:00 2001
From: David Whittaker
Date: Thu, 19 Dec 2024 09:44:24 -0800
Subject: [PATCH] fix(ui): remove html from summary before display
---
 .../static/dispatch/src/incident/TimelineReportTab.vue | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/dispatch/static/dispatch/src/incident/TimelineReportTab.vue b/src/dispatch/static/dispatch/src/incident/TimelineReportTab.vue
index 1eac8f4a3554..6eee4ddfad50 100644
--- a/src/dispatch/static/dispatch/src/incident/TimelineReportTab.vue
+++ b/src/dispatch/static/dispatch/src/incident/TimelineReportTab.vue
@@ -75,6 +75,7 @@
 import { mapFields } from "vuex-map-fields"
 import { formatToUTC, formatToTimeZones } from "@/filters"
 import { mapActions } from "vuex"
+import DOMPurify from "dompurify"
 export default {
 name: "IncidentTimelineReportTab",
@@ -93,7 +94,7 @@ export default {
 },
 incidentSummary() {
- return this.summary
+ return DOMPurify.sanitize(this.summary, { ALLOWED_TAGS: [] })
 .split("\n")
 .map((part) => `

${part}

`) .join("")
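Review bot: The new `return DOMPurify.sanitize(this.summary, { ALLOWED_TAGS: [] })` line in `incidentSummary()` has no comment saying why it is there, yet it is the only step that neutralises markup in `this.summary` before the `.map` template literal builds an HTML string from it. I would add `// summary may contain markup; strip every tag before the parts are re-wrapped and rendered as HTML` above it, so that a later refactor does not move or drop the call; the sink itself (presumably a `v-html` binding) is outside the hunk, as are the start and end of the enclosing block. Be aware that an empty `ALLOWED_TAGS` list removes anything that parses as a tag instead of escaping it, so literal text such as `<service-name>` in a summary is silently dropped. If the summary is meant to be plain text, rendering each part with text interpolation in the template would avoid both that loss and the HTML sink.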