From c04767e023c5dfeaa050faf72c7b1d14271470ff Mon Sep 17 00:00:00 2001
From: Thomas Cheyney <top_cat@thomasc.co.uk>
Date: Sat, 1 Feb 2025 17:29:02 +0000
Subject: [PATCH] Enable dompurify trusted types

---
 src/core/components/providers/markdown.jsx         |  1 +
 src/core/plugins/oas3/wrap-components/markdown.jsx | 10 +++++-----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/core/components/providers/markdown.jsx b/src/core/components/providers/markdown.jsx
index 4a08d79157d..e688f4c4b25 100644
--- a/src/core/components/providers/markdown.jsx
+++ b/src/core/components/providers/markdown.jsx
@@ -67,6 +67,7 @@ export function sanitizer(str, { useUnsafeMarkdown = false } = {}) {
     FORBID_TAGS: ["style", "form"],
     ALLOW_DATA_ATTR,
     FORBID_ATTR,
+    RETURN_TRUSTED_TYPE: true
   })
 }
 sanitizer.hasWarnedAboutDeprecation = false
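Review bot: The added `RETURN_TRUSTED_TYPE: true` changes what the exported `sanitizer` returns, and nothing at the definition documents it. In browsers that support Trusted Types, DOMPurify returns a `TrustedHTML` object instead of a string, so any caller that still applies string checks or methods to the result will skip or fail them. A JSDoc line on `sanitizer` such as `@returns {string|TrustedHTML} sanitized markup; pass it to the DOM sink unmodified` would make the contract visible; the signature and most of the body are outside this hunk, so other callers could not be checked from here. The flag alone enforces nothing: enforcement comes from the page's CSP (`require-trusted-types-for 'script'`, with DOMPurify's `dompurify` policy allowed in `trusted-types`), which the same comment should mention. The new line also drops the trailing comma used by the entries above it; `RETURN_TRUSTED_TYPE: true,` keeps the object consistent.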
diff --git a/src/core/plugins/oas3/wrap-components/markdown.jsx b/src/core/plugins/oas3/wrap-components/markdown.jsx
index 95ca2f4bb03..cd9d13657f8 100644
--- a/src/core/plugins/oas3/wrap-components/markdown.jsx
+++ b/src/core/plugins/oas3/wrap-components/markdown.jsx
@@ -17,18 +17,18 @@ export const Markdown = ({ source, className = "", getConfigs = () => ({ useUnsa
   if ( source ) {
     const { useUnsafeMarkdown } = getConfigs()
     const html = parser.render(source)
-    const sanitized = sanitizer(html, { useUnsafeMarkdown })
 
     let trimmed
 
-    if(typeof sanitized === "string") {
-      trimmed = sanitized.trim()
-    }
+    if (typeof html === "string")
+      trimmed = html.trim()
+
+    const sanitized = sanitizer(trimmed, { useUnsafeMarkdown })
 
     return (
       <div
         dangerouslySetInnerHTML={{
-          __html: trimmed
+          __html: sanitized
         }}
         className={cx(className, "renderedMarkdown")}
       />
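Review bot: When `html` is not a string, the new code leaves `trimmed` undefined and still calls `sanitizer(trimmed, …)`, so `__html` now receives whatever the sanitizer yields for `undefined` instead of the old plain `undefined`. That is probably harmless but is unstated, and the brace-less `if` departs from the braced form it replaces. Writing `const trimmed = typeof html === "string" ? html.trim() : ""` makes the fallback explicit. Sanitizing as the last step is the right order, and it deserves a comment so that post-processing is not reintroduced later, for example `// Sanitize last: the result may be a TrustedHTML object and must reach __html unmodified.` The `Markdown` component starts above this hunk and continues past it.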