From e3c52a6174fc74a8c796b630f4d6a937c89de3eb Mon Sep 17 00:00:00 2001
From: one
Date: Tue, 19 Aug 2025 12:58:45 +0800
Subject: [PATCH] fix(ImagePreview): add relaxed sanitize rules for svg (#9293)

---
 src/renderer/src/components/Preview/utils.ts | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/renderer/src/components/Preview/utils.ts b/src/renderer/src/components/Preview/utils.ts
index 9a011048c3..7257251e7b 100644
--- a/src/renderer/src/components/Preview/utils.ts
+++ b/src/renderer/src/components/Preview/utils.ts
@@ -1,4 +1,5 @@
 import { makeSvgSizeAdaptive } from '@renderer/utils'
+import DOMPurify from 'dompurify'
 
 /**
 * Renders an SVG string inside a host element's Shadow DOM to ensure style encapsulation.
@@ -14,14 +15,11 @@ export function renderSvgInShadowHost(svgContent: string, hostElement: HTMLEleme
 throw new Error('Host element for SVG rendering is not available.')
 }
 
- // FIXME: Sanitize the SVG content
- // const sanitizedContent = DOMPurify.sanitize(svgContent, {
- // USE_PROFILES: { svg: true, svgFilters: true },
- // RETURN_DOM_FRAGMENT: false,
- // RETURN_DOM: false
- // })
-
- const sanitizedContent = svgContent
+ // Sanitize the SVG content
+ const sanitizedContent = DOMPurify.sanitize(svgContent, {
+ USE_PROFILES: { svg: true, svgFilters: true },
+ ADD_TAGS: ['style', 'defs', 'foreignObject']
+ })
 
 const shadowRoot = hostElement.shadowRoot || hostElement.attachShadow({ mode: 'open' })
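Review bot: The `ADD_TAGS` entry `'foreignObject'` in the second hunk re-enables the element that DOMPurify's SVG profile deliberately leaves out, because it is an HTML integration point and a recurring source of namespace-confusion (mutation XSS) sanitizer bypasses; `'style'` and `'defs'` are, as far as I know, already covered by the `svg` profile and could be dropped to keep the allow-list minimal. The reason for the exception should sit next to the option, e.g. `// foreignObject is outside DOMPurify's SVG profile; allowed here because <reason>`, so a later reader does not widen the list further without review. The sanitized value is a string and the rest of `renderSvgInShadowHost` lies outside this hunk; if it is assigned through `innerHTML`, the markup is parsed a second time, and passing `RETURN_DOM_FRAGMENT: true` and appending the fragment to the shadow root would avoid that re-parse. A unit test asserting that script elements and event-handler attributes are absent from the output for an SVG that contains `foreignObject` would pin the guarantee this change is meant to give.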