From ad55131831307920b18f600f5eb5c04d384817cf Mon Sep 17 00:00:00 2001
From: rugk
Date: Sat, 15 Nov 2025 09:57:39 +0000
Subject: [PATCH] refactor: use given HTML config for DOMPurify
---
 js/privatebin.js | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/js/privatebin.js b/js/privatebin.js
index c02767e2..f8a55cbe 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -812,12 +812,11 @@ jQuery.PrivateBin = (function($) {
 if (containsHtml) {
 // only allow tags/attributes we actually use in translations
- output = DOMPurify.sanitize(
- output, {
+ const sanitizeConfig = Object.assign({}, purifyHtmlConfig, {
 ALLOWED_TAGS: ['a', 'i', 'span', 'kbd'],
 ALLOWED_ATTR: ['href', 'id']
- }
- );
+ });
+ output = DOMPurify.sanitize(output, sanitizeConfig);
 }
 // if $element is given, insert translation
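Review bot: The tag and attribute allow-list in `sanitizeConfig` only stays as narrow as the comment above it promises if nothing inherited from `purifyHtmlConfig` takes precedence over it. DOMPurify documents that `USE_PROFILES` overrides `ALLOWED_TAGS`, and `ADD_TAGS`/`ADD_ATTR` extend the lists, so if the shared config carries any of those keys (its definition is outside this hunk, so this needs checking) translation strings would be sanitized against a wider set than `a`, `i`, `span`, `kbd`. I would either copy only the keys that are actually wanted from `purifyHtmlConfig`, or neutralize the profile explicitly in the override object with `USE_PROFILES: false,` ahead of `ALLOWED_TAGS`. A unit test asserting that a translation containing a tag outside the four allowed ones is stripped would catch a later change to the shared config. The enclosing function starts and ends outside the hunk.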