From 90899f0928274cbc30ed3d6df0227664efcd2584 Mon Sep 17 00:00:00 2001
From: Lauri Ojansivu
Date: Sat, 11 Oct 2025 00:49:43 +0300
Subject: [PATCH] Fix DOMPurify paths. Thanks to xet7 !
---
 client/components/activities/activities.js | 2 +-
 client/components/cards/attachments.js | 4 ++--
 client/components/cards/cardDetails.js | 2 +-
 client/components/cards/minicard.js | 2 +-
 client/components/main/editor.js | 2 +-
 models/cardComments.js | 2 +-
 models/cards.js | 4 ++--
 models/lists.js | 4 ++--
 packages/markdown/src/template-integration.js | 2 +-
 9 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/client/components/activities/activities.js b/client/components/activities/activities.js
index e6a72cb68..580852c66 100644
--- a/client/components/activities/activities.js
+++ b/client/components/activities/activities.js
@@ -1,6 +1,6 @@
 import { ReactiveCache } from '/imports/reactiveCache';
 import DOMPurify from 'dompurify';
-import { sanitizeHTML, sanitizeText } from '/client/lib/secureDOMPurify';
+import { sanitizeHTML, sanitizeText } from '../../lib/secureDOMPurify';
 import { TAPi18n } from '/imports/i18n';
 const activitiesPerPage = 500;
diff --git a/client/components/cards/attachments.js b/client/components/cards/attachments.js
index c5719655f..80e9b1682 100644
--- a/client/components/cards/attachments.js
+++ b/client/components/cards/attachments.js
@@ -1,8 +1,8 @@
 import { ReactiveCache } from '/imports/reactiveCache';
 import { ObjectID } from 'bson';
 import DOMPurify from 'dompurify';
-import { sanitizeHTML, sanitizeText } from '/client/lib/secureDOMPurify';
-import uploadProgressManager from '/client/lib/uploadProgressManager';
+import { sanitizeHTML, sanitizeText } from '../../lib/secureDOMPurify';
+import uploadProgressManager from '../../lib/uploadProgressManager';
 const filesize = require('filesize');
 const prettyMilliseconds = require('pretty-ms');
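Review bot: In client/components/activities/activities.js the bare `import DOMPurify from 'dompurify';` stays next to the `sanitizeHTML`/`sanitizeText` import, so code in this file can still call `DOMPurify.sanitize()` with default settings instead of going through the wrapper. Whether any call site does so is not visible in the hunk. If none does, drop the bare import; otherwise add a comment above it such as `// prefer sanitizeHTML/sanitizeText; a direct DOMPurify.sanitize() call does not apply the secureDOMPurify config`. The same pairing appears in the attachments.js, editor.js and models/cardComments.js hunks.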
diff --git a/client/components/cards/cardDetails.js b/client/components/cards/cardDetails.js
index 8927352c6..d114fcd3b 100644
--- a/client/components/cards/cardDetails.js
+++ b/client/components/cards/cardDetails.js
@@ -13,7 +13,7 @@ import { ALLOWED_COLORS } from '/config/const';
 import { UserAvatar } from '../users/userAvatar';
 import { DialogWithBoardSwimlaneList } from '/client/lib/dialogWithBoardSwimlaneList';
 import { handleFileUpload } from './attachments';
-import uploadProgressManager from '/client/lib/uploadProgressManager';
+import uploadProgressManager from '../../lib/uploadProgressManager';
 const subManager = new SubsManager();
 const { calculateIndexData } = Utils;
diff --git a/client/components/cards/minicard.js b/client/components/cards/minicard.js
index 86ea11f3c..a95c41d83 100644
--- a/client/components/cards/minicard.js
+++ b/client/components/cards/minicard.js
@@ -2,7 +2,7 @@ import { ReactiveCache } from '/imports/reactiveCache';
 import { TAPi18n } from '/imports/i18n';
 import { CustomFieldStringTemplate } from '/client/lib/customFields';
 import { handleFileUpload } from './attachments';
-import uploadProgressManager from '/client/lib/uploadProgressManager';
+import uploadProgressManager from '../../lib/uploadProgressManager';
 // Template.cards.events({
 // 'click .member': Popup.open('cardMember')
diff --git a/client/components/main/editor.js b/client/components/main/editor.js
index 149dbefbd..4d1b227d9 100644
--- a/client/components/main/editor.js
+++ b/client/components/main/editor.js
@@ -325,7 +325,7 @@ BlazeComponent.extendComponent({
 }).register('editor');
 import DOMPurify from 'dompurify';
-import { sanitizeHTML } from '/client/lib/secureDOMPurify';
+import { sanitizeHTML } from '../lib/secureDOMPurify';
 // Additional safeAttrValue function to allow for other specific protocols
 // See https://github.com/leizongmin/js-xss/issues/52#issuecomment-241354114
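Review bot: The new path in client/components/main/editor.js, `'../lib/secureDOMPurify'`, resolves to client/components/lib/, one directory short of the `/client/lib/secureDOMPurify` it replaces. The files under client/components/cards/ and client/components/activities/ sit at the same depth and use `'../../lib/…'`. Unless a client/components/lib/secureDOMPurify module exists (not visible here), the import will not resolve and the editor is left without `sanitizeHTML`. The line should read `import { sanitizeHTML } from '../../lib/secureDOMPurify';`.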
diff --git a/models/cardComments.js b/models/cardComments.js
index d5ee7e8fc..dc82b0fdd 100644
--- a/models/cardComments.js
+++ b/models/cardComments.js
@@ -1,7 +1,7 @@
 import { ReactiveCache } from '/imports/reactiveCache';
 import escapeForRegex from 'escape-string-regexp';
 import DOMPurify from 'dompurify';
-import { sanitizeText } from '/client/lib/secureDOMPurify';
+import { sanitizeText } from '../client/lib/secureDOMPurify';
 CardComments = new Mongo.Collection('card_comments');
diff --git a/models/cards.js b/models/cards.js
index 7c80072e0..4374576b6 100644
--- a/models/cards.js
+++ b/models/cards.js
@@ -1759,7 +1759,7 @@ Cards.helpers({
 // Sanitize title on client side as well
 let sanitizedTitle = title;
 if (typeof title === 'string') {
- const { sanitizeTitle } = require('/server/lib/inputSanitizer');
+ const { sanitizeTitle } = require('../server/lib/inputSanitizer');
 sanitizedTitle = sanitizeTitle(title);
 if (process.env.DEBUG === 'true' && sanitizedTitle !== title) {
 console.warn('Client-side sanitized card title:', title, '->', sanitizedTitle);
@@ -3575,7 +3575,7 @@ JsonRoutes.add('GET', '/api/boards/:boardId/cards_count', function(
 Authentication.checkBoardAccess(req.userId, paramBoardId);
 if (req.body.title) {
- const { sanitizeTitle } = require('/server/lib/inputSanitizer');
+ const { sanitizeTitle } = require('../server/lib/inputSanitizer');
 const newTitle = sanitizeTitle(req.body.title);
 if (process.env.DEBUG === 'true' && newTitle !== req.body.title) {
diff --git a/models/lists.js b/models/lists.js
index f04e61546..ca9808e68 100644
--- a/models/lists.js
+++ b/models/lists.js
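Review bot: models/cardComments.js now takes `sanitizeText` from `'../client/lib/secureDOMPurify'`, which makes a file under models/ depend on a module in a client/ directory. models/lists.js in this patch contains an `if (Meteor.isServer)` section, so models are probably loaded on the server too. There the import may fail to resolve or run DOMPurify without a DOM; neither outcome is visible from this hunk. Confirm that comment text is still sanitized on the server path, and consider moving the helper to a location both sides load, with a comment such as `// shared by client and server: must not assume window/document`.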
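Review bot: In models/cards.js at -1759 the block commented `// Sanitize title on client side as well` loads its sanitizer with `require('../server/lib/inputSanitizer')`, a module under server/. Meteor does not ship server/ directories to the browser, so on the client this `require` is likely to throw instead of sanitizing; the build setup is not shown, so treat that as something to verify. If the check is meant to run on both sides, `sanitizeTitle` belongs in a shared module imported once at the top of the file rather than on every call. The Cards.helpers body starts and ends outside the hunk, and the `rename(title)` hunk at -315 in models/lists.js has the same pattern.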
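Review bot: The route handler in models/cards.js at -3575 guards with `if (req.body.title)`, so any truthy JSON value (array, object, number) is handed to `sanitizeTitle`, whereas the helper at -1759 checks `typeof title === 'string'` first. How `sanitizeTitle` treats non-strings is not visible here. Tightening the guard to `if (typeof req.body.title === 'string' && req.body.title) {` keeps the API path consistent with the helper. The handler continues outside the hunk, and the hunk at -653 in models/lists.js has the same guard.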
@@ -315,7 +315,7 @@ Lists.mutations({
 rename(title) {
 // Sanitize title on client side as well
 if (typeof title === 'string') {
- const { sanitizeTitle } = require('/server/lib/inputSanitizer');
+ const { sanitizeTitle } = require('../server/lib/inputSanitizer');
 const sanitizedTitle = sanitizeTitle(title);
 if (process.env.DEBUG === 'true' && sanitizedTitle !== title) {
 console.warn('Client-side sanitized list title:', title, '->', sanitizedTitle);
@@ -653,7 +653,7 @@ if (Meteor.isServer) {
 // Update title if provided
 if (req.body.title) {
- const { sanitizeTitle } = require('/server/lib/inputSanitizer');
+ const { sanitizeTitle } = require('../server/lib/inputSanitizer');
 const newTitle = sanitizeTitle(req.body.title);
 if (process.env.DEBUG === 'true' && newTitle !== req.body.title) {
diff --git a/packages/markdown/src/template-integration.js b/packages/markdown/src/template-integration.js
index aecd46f2c..d7b51cdfa 100644
--- a/packages/markdown/src/template-integration.js
+++ b/packages/markdown/src/template-integration.js
@@ -1,5 +1,5 @@
 import DOMPurify from 'dompurify';
-import { getSecureDOMPurifyConfig } from '/client/lib/secureDOMPurify';
+import { getSecureDOMPurifyConfig } from '../../../client/lib/secureDOMPurify';
 var Markdown = require('markdown-it')({
 html: true,
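Review bot: packages/markdown/src/template-integration.js now reaches three levels up into the application tree with `'../../../client/lib/secureDOMPurify'`, so the package resolves its sanitizer config only while it sits at exactly this depth inside this app. markdown-it is created with `html: true`, so the DOMPurify config from this import appears to be the main control on raw HTML in rendered markdown, and a mis-resolved import here would matter. Add a comment above the import, e.g. `// app-relative path: this package must live at packages/markdown/ in the app; the config is required because markdown-it runs with html: true`, or move the config into the package. The `Markdown` initialiser continues outside the hunk.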