[🔒] Resolved another potential XSS attack

src/builtin/apps/browser.ts

@@ -2,6 +2,7 @@ import icon from '../../assets/icons/web-browser.svg'
 import { App } from '../../types'
 
 import FlowWindow from '../../structures/FlowWindow'
+import { sanitize } from '../../utils'
 
 export default class BrowserApp implements App {
   meta = {
@@ -89,7 +90,7 @@ export default class BrowserApp implements App {
           if (this === tabManager.activeTab) {
             (win.content.querySelector('.toggle') as HTMLElement).innerHTML = 'toggle_off'
           }
-          this.iframe.src = win.content.querySelector('input')?.value as string
+          this.iframe.src = sanitize(win.content.querySelector('input')?.value as string)
         } else {
           if (this === tabManager.activeTab) {
             (win.content.querySelector('.toggle') as HTMLElement).innerHTML = 'toggle_on'
@@ -167,7 +168,7 @@ export default class BrowserApp implements App {
         if (tabManager.activeTab.proxy) {
           tabManager.activeTab.iframe.src = `/service/${xor.encode((win.content.querySelector('.inp') as HTMLInputElement).value)}`
         } else {
-          tabManager.activeTab.iframe.src = (win.content.querySelector('.inp') as HTMLInputElement).value
+          tabManager.activeTab.iframe.src = sanitize((win.content.querySelector('.inp') as HTMLInputElement).value)
         }
       }
     })