From b2efd4cab0e759deef4299d88e79112b3e1e627d Mon Sep 17 00:00:00 2001
From: Charity Helms <chelms@adobe.com>
Date: Sun, 22 Feb 2026 16:09:51 -0500
Subject: [PATCH] santizeHTML

---
 blocks/cc-hero-slider/cc-hero-slider.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/blocks/cc-hero-slider/cc-hero-slider.js b/blocks/cc-hero-slider/cc-hero-slider.js
index 6e9b212a..20580161 100644
--- a/blocks/cc-hero-slider/cc-hero-slider.js
+++ b/blocks/cc-hero-slider/cc-hero-slider.js
@@ -1,5 +1,5 @@
 import { loadScript, loadCSS } from '../../scripts/aem.js';
-import { moveInstrumentation } from '../../scripts/scripts.js';
+import { moveInstrumentation, sanitizeHTML } from '../../scripts/scripts.js';
 
 /**
  * Decorates the CC Hero Slider block
@@ -58,16 +58,16 @@ export default async function decorate(block) {
 
     // Fourth div: Pop-up trigger CTA text (optional)
     const popupTriggerDiv = children[3];
-    if (popupTriggerDiv && popupTriggerDiv.textContent.trim()) {
+    if (popupTriggerDiv?.textContent.trim()) {
       const popupTrigger = document.createElement('div');
       popupTrigger.className = 'cc-hero-slider-popup-trigger';
-      popupTrigger.innerHTML = popupTriggerDiv.innerHTML;
+      popupTrigger.innerHTML = sanitizeHTML(popupTriggerDiv.innerHTML);
       swiperSlide.appendChild(popupTrigger);
     }
 
     // Fifth div: Pop-up ID (optional) - store as data attribute
     const popupIdDiv = children[4];
-    if (popupIdDiv && popupIdDiv.textContent.trim()) {
+    if (popupIdDiv?.textContent.trim()) {
       swiperSlide.dataset.popupId = popupIdDiv.textContent.trim();
     }