authorFuwn <[email protected]>2026-02-08 09:22:21 -0800
committerFuwn <[email protected]>2026-02-08 09:22:21 -0800
commit220039181755a7ac5b5f3691bb298336f8abeb50 (patch)
tree60a29ef9e6e5b82bb32a8a8e32b52bd5faace00f /apps/web
parentsecurity: harden API routes (diff)
security: sanitize HTML in marketing demo
Apply sanitizeEntryContent() to dangerouslySetInnerHTML in the interactive demo component. Content comes from the database and should be sanitized before rendering on the public marketing page.
Diffstat (limited to 'apps/web')
-rw-r--r--apps/web/app/(marketing)/_components/interactive-demo.tsx5
1 files changed, 3 insertions, 2 deletions
diff --git a/apps/web/app/(marketing)/_components/interactive-demo.tsx b/apps/web/app/(marketing)/_components/interactive-demo.tsx
index a1c3755..3dbcec0 100644
--- a/apps/web/app/(marketing)/_components/interactive-demo.tsx
+++ b/apps/web/app/(marketing)/_components/interactive-demo.tsx
@@ -3,6 +3,7 @@
import { useState } from "react"
import { formatDistanceToNow } from "date-fns"
import { classNames } from "@/lib/utilities"
+import { sanitizeEntryContent } from "@/lib/sanitize"
import type { ShowcaseEntry, ShowcaseFeed } from "./showcase-types"
function estimateReadingTimeMinutes(html: string): number {
@@ -156,7 +157,7 @@ function DemoDetailPane({ entry }: { entry: ShowcaseEntry | null }) {
{entry.contentHtml ? (
<div
className="prose-reader text-text-secondary"
- dangerouslySetInnerHTML={{ __html: entry.contentHtml }}
+ dangerouslySetInnerHTML={{ __html: sanitizeEntryContent(entry.contentHtml) }}
/>
) : entry.summary ? (
<p className="text-text-secondary">{entry.summary}</p>
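Review bot: The sanitized `dangerouslySetInnerHTML` element on the new line is now duplicated verbatim between DemoDetailPane here and DemoMobileDetail in the next hunk, so the sanitization guard lives at two call sites that have to be kept in sync by hand and a third rendering of `contentHtml` added later could silently skip it. A small shared component would make the safe path the only path: `function SanitizedEntryBody({ html }: { html: string }) { return <div className="prose-reader text-text-secondary" dangerouslySetInnerHTML={{ __html: sanitizeEntryContent(html) }} /> }`, with both sites reduced to `<SanitizedEntryBody html={entry.contentHtml} />`. Both enclosing functions start and end outside their hunks. The file imports useState, so this is presumably a client component that is still server-rendered on the marketing page; whether sanitizeEntryContent works without a browser DOM cannot be seen from this diff and is worth confirming, since a server-only failure there would break the page rather than the sanitization.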
@@ -201,7 +202,7 @@ function DemoMobileDetail({
{entry.contentHtml ? (
<div
className="prose-reader text-text-secondary"
- dangerouslySetInnerHTML={{ __html: entry.contentHtml }}
+ dangerouslySetInnerHTML={{ __html: sanitizeEntryContent(entry.contentHtml) }}
/>
) : entry.summary ? (
<p className="text-text-secondary">{entry.summary}</p>