From b89ebfff4f66d6ac76832346a05e197b22176dee Mon Sep 17 00:00:00 2001
From: Yash Rajpal <58601732+yash-rajpal@users.noreply.github.com>
Date: Wed, 8 Jun 2022 02:11:38 +0530
Subject: [PATCH] [FIX] Sanitize styles in message (#25744)

---
 apps/meteor/app/markdown/lib/parser/marked/marked.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/meteor/app/markdown/lib/parser/marked/marked.js b/apps/meteor/app/markdown/lib/parser/marked/marked.js
index 7739fe77b7d..22f7974fcac 100644
--- a/apps/meteor/app/markdown/lib/parser/marked/marked.js
+++ b/apps/meteor/app/markdown/lib/parser/marked/marked.js
@@ -100,7 +100,7 @@ export const marked = (message, { marked: { gfm, tables, breaks, pedantic, smart
 const window = getGlobalWindow();
 const DomPurify = createDOMPurify(window);
 
- message.html = DomPurify.sanitize(message.html, { ADD_ATTR: ['target'] });
+ message.html = DomPurify.sanitize(message.html, { ADD_ATTR: ['target'], FORBID_ATTR: ['style'], FORBID_TAGS: ['style'] });
 
 return message;
 };
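Review bot: The new `sanitize()` call on the `+` line forbids `style` without a comment saying why, and since DOMPurify permits both the `<style>` element and the `style` attribute by default a later maintainer may drop the options as redundant; add `// DOMPurify allows <style> and style="" by default; forbid both so message content cannot restyle or overlay the UI (#25744)` above the line. Hoisting the options to a module-level `const SANITIZE_OPTIONS = { ADD_ATTR: ['target'], FORBID_ATTR: ['style'], FORBID_TAGS: ['style'] };` and passing that would keep the line readable and give DOMPurify a stable config object to reuse. The fix is a blocklist: attributes such as `class` remain allowed, so sanitized content can presumably still pick up the application's own stylesheet classes — worth confirming whether that matters for the issue being fixed, and a regression test asserting that `<style>` and `style=""` are stripped from `message.html` would pin the behavior. The enclosing `marked` arrow function starts before this hunk.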