fix: (CXSPA-1128) - Select a11y directive sanitized innerText #19408
base: develop
Merge Checks Failed
spartacus Run #45401

Run Properties:

| Property | Value |
|---|---|
| Project | spartacus |
| Run status | Passed #45401 |
| Run duration | 03m 54s |
| Commit | eec628701c ℹ️: Merge 43a58e92119658f4920490d81825a58975d639db into 96d44a9bb171ed42d7c2f83e86ae... |
| Committer | PioBar |

| Test results | |
|---|---|
| Failures | 0 |
| Flaky | 3 |
| Pending | 2 |
| Skipped | 0 |
| Passing | 125 |
ok.
See comments in https://v17.angular.io/api/platform-browser/DomSanitizer
"...
If the security context is HTML and the given value is a plain string, this method sanitizes the string, removing any potentially unsafe content. For any other security context, this method throws an error if provided with a plain string.
..."
Fixes vulnerability introduced by ec946e9
Sanitizing the text should prevent a potential XSS.