fix: paste html (#1855)

Author: willydouhard

frontend/src/components/chat/MessageComposer/Input.tsx

@@ -34,6 +34,15 @@ export interface InputMethods {
   reset: () => void;
 }
 
+const escapeHtml = (unsafe: string) => {
+  return unsafe
+    .replace(/&/g, '&')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&#039;');
+};
+
 const Input = forwardRef<InputMethods, Props>(
   (
     {
@@ -220,18 +229,20 @@ const Input = forwardRef<InputMethods, Props>(
       const _onPaste = (event: ClipboardEvent) => {
         event.preventDefault();
 
-        const text = event.clipboardData
-          ?.getData('text/plain')
-          .replace(/\n/g, '<br>');
-        if (text) {
+        const textData = event.clipboardData?.getData('text/plain');
+
+        if (textData) {
+          const escapedText = escapeHtml(textData);
+          const textWithNewLines = escapedText.replace(/\n/g, '<br>');
+
           const selection = window.getSelection();
           if (selection?.rangeCount) {
             const range = selection.getRangeAt(0);
             range.deleteContents();
 
             // Insert the HTML content
             const tempDiv = document.createElement('div');
-            tempDiv.innerHTML = text;
+            tempDiv.innerHTML = textWithNewLines;
             const fragment = document.createDocumentFragment();
             while (tempDiv.firstChild) {
               fragment.appendChild(tempDiv.firstChild);