Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(editor): Implement HTML sanitization for Notification and Message components #4081

Merged
merged 5 commits into from
Sep 13, 2022
Merged

feat(editor): Implement HTML sanitization for Notification and Message components #4081

merged 5 commits into from
Sep 13, 2022

Conversation

OlegIvaniv
Copy link
Contributor

@OlegIvaniv
feat(editor): Implement HTML sanitization when using `dangerouslyUseH…
4b23308 
…TMLString` option of Notification and Message components
@OlegIvaniv OlegIvaniv added core Enhancement outside /nodes-base and /editor-ui ui Enhancement in /editor-ui or /design-system tech debt labels Sep 12, 2022
@OlegIvaniv OlegIvaniv self-assigned this Sep 12, 2022
@n8n-assistant n8n-assistant bot added the n8n team Authored by the n8n team label Sep 12, 2022
mutdmour
mutdmour reviewed Sep 13, 2022
View reviewed changes
Copy link
Contributor

@mutdmour mutdmour left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Just one small comment to address

packages/editor-ui/src/components/mixins/globalLinkActions.ts Show resolved Hide resolved
packages/editor-ui/src/components/mixins/pushConnection.ts Show resolved Hide resolved
@OlegIvaniv
Copy link
Contributor Author

OlegIvaniv commented Sep 13, 2022
edited
Loading

LGTM. Just one small comment to address

@mutdmour I've addressed the removal of the unused onLinkClick functionality of $showMessage. Can you please have one final look and approve if everything looks good?

@OlegIvaniv OlegIvaniv merged commit ea2d18b into master Sep 13, 2022
@OlegIvaniv OlegIvaniv deleted the n8n-4385-notification-component-xss-vulnerability branch September 13, 2022 15:39
@n8n-assistant n8n-assistant bot added the Upcoming Release Will be part of the upcoming release label Sep 13, 2022
@janober
Copy link
Member

janober commented Sep 15, 2022

Got released with n8n@0.194.0

@janober janober removed the Upcoming Release Will be part of the upcoming release label Sep 15, 2022
@Saad-ISAA Saad-ISAA mentioned this pull request Sep 15, 2022
Open
This was referenced Sep 15, 2022
Open
Open
Open
Open
@MauGal MauGal mentioned this pull request Sep 16, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Sep 16, 2022
Open
@viiy viiy mentioned this pull request Sep 16, 2022
Open
@Saad-ISAA Saad-ISAA mentioned this pull request Sep 16, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Sep 16, 2022
Open
@MauGal MauGal mentioned this pull request Sep 16, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Sep 16, 2022
Open
@Susangriffis Susangriffis mentioned this pull request Sep 16, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Sep 16, 2022
Open
@Susangriffis Susangriffis mentioned this pull request Sep 16, 2022
Open
@viiy viiy mentioned this pull request Sep 22, 2022
Open
@MauGal MauGal mentioned this pull request Oct 6, 2022
Open
valya pushed a commit to valya/n8n that referenced this pull request Nov 8, 2022
@OlegIvaniv
feat(editor): Implement HTML sanitization for Notification and Messag…
9eac090 
…e components (n8n-io#4081)

* feat(editor): Implement HTML sanitization when using `dangerouslyUseHTMLString` option of Notification and Message components

* 🐛 Implement mechanism to allow for A href actions from locale strings

* 🐛 Prevent link action default

* ♻️ Use `xss` library instead of `sanitize-html` to handle sanitization

* 🔥 Remove `onLinkClick` functionality of `$showMessage`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mutdmour mutdmour mutdmour approved these changes

Assignees

@OlegIvaniv OlegIvaniv

Labels
core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team tech debt ui Enhancement in /editor-ui or /design-system
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@OlegIvaniv @janober @mutdmour