From 6c3afcca08a68cd39eb51df2ff70b2ee5f1ea2f3 Mon Sep 17 00:00:00 2001
From: lsnnt
Date: Wed, 31 Dec 2025 10:55:23 +0530
Subject: [PATCH] added direct text support for countering xss and test were also failing
---
 server/notification-providers/resend.js | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/server/notification-providers/resend.js b/server/notification-providers/resend.js
index a07a50dac..ebadfcce7 100644
--- a/server/notification-providers/resend.js
+++ b/server/notification-providers/resend.js
@@ -1,11 +1,5 @@
 const NotificationProvider = require("./notification-provider");
 const axios = require("axios");
-const { JSDOM } = require("jsdom");
-const createDOMPurify = require("dompurify");
-
-// Initialize a server-side DOMPurify using JSDOM. Created once per module.
-const window = new JSDOM("").window;
-const DOMPurify = createDOMPurify(window);
 class Resend extends NotificationProvider {
 name = "Resend";
@@ -31,10 +25,8 @@ class Resend extends NotificationProvider {
 from: `${fromName} <${email}>`,
 to: notification.resendToEmail,
 subject: notification.resendSubject || "Notification from Your Uptime Kuma",
- // sanitize the message content to avoid injecting unsafe HTML
- html: `${DOMPurify.sanitize(msg.replace(/\n/g, "
"), {
- ALLOWED_TAGS: [ "b", "i", "br" ],
- })}`
+ // supplied text directly instead of html
+ text:msg,
 };
 let result = await axios.post(
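Review bot: The added `text:msg,` line carries the whole XSS fix, but its comment (`// supplied text directly instead of html`) records the edit rather than the reason, and the key lacks the space after the colon that the `from:`, `to:` and `subject:` keys above it use. I would write `// plain-text body on purpose: msg is treated as untrusted and must not be rendered as HTML` above `text: msg,`, so that a later change does not bring back an `html` field without sanitisation. The commit title mentions failing tests, but no test is part of this patch; an assertion that the posted payload has a `text` key and no `html` key would pin the behaviour. The enclosing method starts and ends outside the hunk.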