fix: sanitize html string (#784)

app/assets/javascripts/components/NotesListItem.tsx

@@ -1,4 +1,8 @@
-import { CollectionSort, SNNote } from '@standardnotes/snjs';
+import {
+  CollectionSort,
+  sanitizeHtmlString,
+  SNNote,
+} from '@standardnotes/snjs';
 import { FunctionComponent } from 'preact';
 
 type Props = {
@@ -108,7 +112,9 @@ export const NotesListItem: FunctionComponent<Props> = ({
           {note.preview_html ? (
             <div
               className="html-preview"
-              dangerouslySetInnerHTML={{ __html: note.preview_html }}
+              dangerouslySetInnerHTML={{
+                __html: sanitizeHtmlString(note.preview_html),
+              }}
             ></div>
           ) : null}
           {!note.preview_html && note.preview_plain ? (