🔒 Security · 🟠 High · Confidence: 96%
File: next/src/lib/export/deck.ts
Location: exportDeckPrint
What's wrong
The code writes raw HTML from slide data directly into a new window with `w.document.write(...)`, passing a template literal of the form:

```ts
w.document.write(`
<title>${escapeHtml(title)}</title>
${head}
<style>...</style>
${sectionsHtml}
<script>...</script>
`);
```

The `${head}` and `${sectionsHtml}` values are taken from untrusted slide content without any sanitisation, allowing injected scripts or malicious markup to execute in the opened window.
Suggested fix
Sanitise or escape the injected HTML before writing it, or construct the DOM using safe APIs. For example:
```ts
import DOMPurify from 'dompurify';

// Sanitise the untrusted fragments before they reach the document.
// DOMPurify strips script elements, event-handler attributes and
// javascript: URLs while keeping ordinary markup. Check that the
// elements `head` is expected to carry survive its default allow-list.
const safeHead = DOMPurify.sanitize(head);
const safeSections = DOMPurify.sanitize(sectionsHtml);

// Only the sanitised fragments and the already-escaped title are interpolated.
const html = `<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>${escapeHtml(title)}</title>
${safeHead}
<style>...</style>
</head>
<body>
${safeSections}
<script>...</script>
</body>
</html>`;

// Replace the new window's document with the sanitised markup.
w.document.open();
w.document.write(html);
w.document.close();
```
About this report
This finding was generated by an automated audit tool using Llama 3.3 70B + verification passes.
Only findings with ≥92% confidence that passed both LLM self-verification and line reference
verification are reported. False positives are still possible — please verify before acting.