added direct text support for countering xss and test were also failing

2025-12-31 10:55:23 +05:30 · 2025-12-31 10:55:23 +05:30 · 6c3afcca08
commit 6c3afcca08
parent bdf499edd2
1 changed files with 2 additions and 10 deletions
--- a/server/notification-providers/resend.js
+++ b/server/notification-providers/resend.js
@ -1,11 +1,5 @@
 const NotificationProvider = require("./notification-provider");
 const axios = require("axios");
-const { JSDOM } = require("jsdom");
-const createDOMPurify = require("dompurify");
-
-// Initialize a server-side DOMPurify using JSDOM. Created once per module.
-const window = new JSDOM("").window;
-const DOMPurify = createDOMPurify(window);

 class Resend extends NotificationProvider {
    name = "Resend";
@ -31,10 +25,8 @@ class Resend extends NotificationProvider {
                from: `${fromName} <${email}>`,
                to: notification.resendToEmail,
                subject: notification.resendSubject || "Notification from Your Uptime Kuma",
-                // sanitize the message content to avoid injecting unsafe HTML
-                html: `<html><head></head><body>${DOMPurify.sanitize(msg.replace(/\n/g, "<br/>"), {
-                    ALLOWED_TAGS: [ "b", "i", "br" ],
-                })}</body></html>`
+                // supplied text directly instead of html 
+                text:msg,
            };

            let result = await axios.post(