From 734dec1f0bc6e00efc9048f0cd3139c82730a986 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?calvadev=E2=9A=A1=EF=B8=8F?=
 <32919103+calvadev@users.noreply.github.com>
Date: Wed, 4 Sep 2024 00:02:51 +0000
Subject: [PATCH] Added sanitization for shop banner image URL

---
 components/home/marketplace.tsx |  3 ++-
 package-lock.json               | 11 +++++++++++
 package.json                    |  1 +
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/components/home/marketplace.tsx b/components/home/marketplace.tsx
index 9f38d65..ed55928 100644
--- a/components/home/marketplace.tsx
+++ b/components/home/marketplace.tsx
@@ -25,6 +25,7 @@ import SignInModal from "../sign-in/SignInModal";
 import ShopstrSwitch from "../utility-components/shopstr-switch";
 import { ShopSettings } from "../../utils/types/types";
 import SideShopNav from "./side-shop-nav";
+import { sanitizeUrl } from "@braintree/sanitize-url";
 
 export function MarketplacePage({
   focusedPubkey,
@@ -121,7 +122,7 @@ export function MarketplacePage({
           <>
             <div className="flex h-auto w-full items-center justify-center bg-cover bg-center">
               <img
-                src={shopBannerURL}
+                src={sanitizeUrl(shopBannerURL)}
                 alt="Shop Banner"
                 className="flex max-h-[310.5px] w-full items-center justify-center object-cover"
               />
diff --git a/package-lock.json b/package-lock.json
index 60e8d74..ba3fc83 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,6 +8,7 @@
       "name": "shopstr",
       "version": "0.1.0",
       "dependencies": {
+        "@braintree/sanitize-url": "^7.1.0",
         "@cashu/cashu-ts": "^0.8.1",
         "@getalby/lightning-tools": "^5.0.1",
         "@heroicons/react": "^2.1.1",
@@ -1824,6 +1825,11 @@
         "node": ">=6.9.0"
       }
     },
+    "node_modules/@braintree/sanitize-url": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-7.1.0.tgz",
+      "integrity": "sha512-o+UlMLt49RvtCASlOMW0AkHnabN9wR9rwCCherxO0yG4Npy34GkvrAqdXQvrhNs+jh+gkK8gB8Lf05qL/O7KWg=="
+    },
     "node_modules/@cashu/cashu-ts": {
       "version": "0.8.1",
       "resolved": "https://registry.npmjs.org/@cashu/cashu-ts/-/cashu-ts-0.8.1.tgz",
@@ -13408,6 +13414,11 @@
         "to-fast-properties": "^2.0.0"
       }
     },
+    "@braintree/sanitize-url": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-7.1.0.tgz",
+      "integrity": "sha512-o+UlMLt49RvtCASlOMW0AkHnabN9wR9rwCCherxO0yG4Npy34GkvrAqdXQvrhNs+jh+gkK8gB8Lf05qL/O7KWg=="
+    },
     "@cashu/cashu-ts": {
       "version": "0.8.1",
       "resolved": "https://registry.npmjs.org/@cashu/cashu-ts/-/cashu-ts-0.8.1.tgz",
diff --git a/package.json b/package.json
index f63733b..e5c5a16 100644
--- a/package.json
+++ b/package.json
@@ -11,6 +11,7 @@
     "knex:migrate": "node --loader ts-node/esm ./node_modules/.bin/knex --knexfile ./knexfile.ts migrate:latest"
   },
   "dependencies": {
+    "@braintree/sanitize-url": "^7.1.0",
     "@cashu/cashu-ts": "^0.8.1",
     "@getalby/lightning-tools": "^5.0.1",
     "@heroicons/react": "^2.1.1",