fix: sanitize html string (#784)

app/assets/javascripts/app.ts

@@ -124,7 +124,7 @@ const startApplication: StartApplication = async function startApplication(
   SNLog.onLog = console.log;
   startErrorReporting();
 
-  angular.module('app', ['ngSanitize']);
+  angular.module('app', []);
 
   // Config
   angular

app/assets/javascripts/components/NotesListItem.tsx

@@ -1,4 +1,8 @@
-import { CollectionSort, SNNote } from '@standardnotes/snjs';
+import {
+  CollectionSort,
+  sanitizeHtmlString,
+  SNNote,
+} from '@standardnotes/snjs';
 import { FunctionComponent } from 'preact';
 
 type Props = {
@@ -108,7 +112,9 @@ export const NotesListItem: FunctionComponent<Props> = ({
           {note.preview_html ? (
             <div
               className="html-preview"
-              dangerouslySetInnerHTML={{ __html: note.preview_html }}
+              dangerouslySetInnerHTML={{
+                __html: sanitizeHtmlString(note.preview_html),
+              }}
             ></div>
           ) : null}
           {!note.preview_html && note.preview_plain ? (

app/assets/javascripts/index.ts

@@ -6,7 +6,6 @@ import '../stylesheets/index.css.scss';
 
 // Vendor
 import 'angular';
-import '../../../vendor/assets/javascripts/angular-sanitize';
 import '../../../vendor/assets/javascripts/zip/deflate';
 import '../../../vendor/assets/javascripts/zip/inflate';
 import '../../../vendor/assets/javascripts/zip/zip';