From 9845e7ae29386b4bf2e1c6889c0d9a85ca959b18 Mon Sep 17 00:00:00 2001
From: Kabir Menghrajani
Date: Tue, 17 Dec 2024 11:08:15 -0500
Subject: [PATCH] Fix code scanning alert no. 3: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 assets/js/slick.js | 3 ++-
 package.json       | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/assets/js/slick.js b/assets/js/slick.js
index 53a9df7..10ced12 100644
--- a/assets/js/slick.js
+++ b/assets/js/slick.js
@@ -27,6 +27,7 @@
 }(function ($) {
     'use strict';
 
+    var DOMPurify = require('dompurify');
     var Slick = window.Slick || {};
 
     Slick = (function () {
@@ -1648,7 +1649,7 @@
             if ($imgsToLoad.length) {
 
                 image = $imgsToLoad.first();
-                imageSource = image.attr('data-lazy');
+                imageSource = DOMPurify.sanitize(image.attr('data-lazy'));
                 imageToLoad = document.createElement('img');
 
                 imageToLoad.onload = function () {
diff --git a/package.json b/package.json
index f8d67d6..dcc06b8 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,8 @@
     "dot-prop": "^5.3.0",
     "jquery": "^3.7.1",
     "netlify-cms": "^2.10.55",
-    "uswds": "^2.14.0"
+    "uswds": "^2.14.0",
+    "dompurify": "^3.2.3"
   },
   "devDependencies": {
     "rimraf": "^3.0.2"
@@ -23,7 +24,7 @@
     "minimist": "1.2.8",
     "remark-parse": ">=10.0.1",
     "mdast-util-to-hast": ">=5.0.0",
-    "trim":">=0.0.3",
+    "trim": ">=0.0.3",
     "tough-cookie": ">=4.1.4",
     "got": ">=11.8.5",
     "trim-newlines": ">=5.0.0",
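Review bot: The unconditional `require('dompurify')` added in the first slick.js hunk will throw `ReferenceError: require is not defined` whenever slick.js is loaded as a plain browser script, which the `window.Slick` global and the `assets/js/` location suggest is at least one supported mode; the wrapper whose factory begins at `}(function ($) {` (its head is outside the hunk) looks like a UMD header that only uses `require` in its CommonJS branch, and this line bypasses that. Thread DOMPurify through the same wrapper as jQuery, or fall back to the global that the DOMPurify browser build exposes: `var DOMPurify = (typeof require === 'function') ? require('dompurify') : window.DOMPurify;` followed by `if (!DOMPurify) { throw new Error('slick: DOMPurify is required'); }` so a missing dependency fails loudly instead of at the first lazy-load. package.json now declares dompurify as a runtime dependency, so a bundled build would resolve the call, but nothing in this diff shows such a build step for this file.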
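Review bot: `DOMPurify.sanitize()` in the second slick.js hunk is an HTML sanitizer applied to the value of `data-lazy`, which is an image URL that is presumably assigned to `imageToLoad.src` a few lines below (that assignment is outside the hunk); it does not validate a URL, and because DOMPurify returns serialized HTML it rewrites characters such as `&` to `&amp;`, so a lazy-load URL with a multi-parameter query string would be requested with a corrupted query. It also changes a missing attribute from `undefined` to `''`, which any later `if (imageSource)`-style check would treat the same but a strict comparison would not. If the sink the scanner flagged is the `.src` property assignment, that is not an HTML-injection sink and the appropriate mitigation is URL validation rather than HTML sanitization — for example parse with `new URL(value, document.baseURI)` and accept only the schemes lazy images legitimately use (`http:`/`https:`) — whereas a sink that builds markup from `imageSource` should be changed to set the attribute through DOM APIs (`imageToLoad.src = ...`) instead of concatenating HTML. The enclosing function starts and ends outside the hunk.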