From d01c4ec84d71749f1dbb2b5247985c60eb87a761 Mon Sep 17 00:00:00 2001
From: Konstantinos Passadis | Azure MVP | MCT
Date: Thu, 17 Jul 2025 23:16:02 +0300
Subject: [PATCH] Potential fix for code scanning alert no. 2: DOM text reinterpreted as HTML
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 package.json | 3 ++-
 pages/index.js | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index b8ce4c9..2fd11ac 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,8 @@
 "node-fetch": "^3.3.2",
 "postcss": "^8.5.6",
 "react": "^19.0.0",
- "react-dom": "^19.0.0"
+ "react-dom": "^19.0.0",
+ "dompurify": "^3.2.6"
 },
 "devDependencies": {
 "@eslint/eslintrc": "^3",
diff --git a/pages/index.js b/pages/index.js
index 4c26c07..177bd20 100644
--- a/pages/index.js
+++ b/pages/index.js
@@ -1,6 +1,7 @@
 import React, { useState, useRef, useEffect } from 'react';
 import Head from 'next/head';
 import Image from 'next/image';
+import DOMPurify from 'dompurify';
 const isValidUrl = (url) => {
 try {
@@ -138,7 +139,7 @@ export default function ChatPage() {
 parts.push(
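Review bot: The new `"dompurify": "^3.2.6"` entry in `dependencies` arrives without a lockfile change, since the diffstat lists only `package.json` and `pages/index.js`. If the repository keeps a `package-lock.json` or `yarn.lock` (not visible here), regenerate and commit it in the same change, so the sanitizer version that ships is the one that was reviewed rather than whatever the caret range resolves to at install time. As a point of style, the entry is appended after `react-dom`, while the other visible keys are in alphabetical order.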
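Review bot: The default `dompurify` import added at the top of `pages/index.js` only gives a working sanitizer where a browser `window` exists; without one the export is a factory with `DOMPurify.isSupported === false` and no usable `sanitize`. This is a Next.js page (it imports `next/head` and `next/image`), so the module is also evaluated during server rendering, and the call site is in the later `ChatPage` hunk, which is not fully visible here. If that path can run on the server, guard it, e.g. `const safe = DOMPurify.isSupported ? DOMPurify.sanitize(html) : null;` (with `html` standing for whatever value is passed), and render the value as plain text when `safe` is null. That way the fallback is escaped text rather than a render error or unsanitised markup.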