fix: (CXSPA-1128) - Select a11y directive sanitized innerText #19408

Open: wants to merge 5 commits into base: develop

@Pio-Bar (Contributor) commented Oct 16, 2024

Fixes vulnerability introduced by ec946e9
Sanitizing the text should prevent a potential XSS.

@Pio-Bar Pio-Bar requested a review from a team as a code owner October 16, 2024 14:13
@github-actions github-actions bot marked this pull request as draft October 16, 2024 14:13
@Pio-Bar Pio-Bar marked this pull request as ready for review October 16, 2024 14:13

Merge Checks Failed

Please push a commit to re-trigger the build. 
To push an empty commit you can use `git commit --allow-empty -m "Trigger Build"`

@github-actions github-actions bot marked this pull request as draft October 16, 2024 14:15
@Pio-Bar Pio-Bar marked this pull request as ready for review October 16, 2024 14:27
cypress bot commented Oct 16, 2024

spartacus Run #45401

Run Properties:
- Project: spartacus
- Run status: Passed #45401
- Run duration: 03m 54s
- Commit: eec628701c: Merge 43a58e92119658f4920490d81825a58975d639db into 96d44a9bb171ed42d7c2f83e86ae...
- Committer: PioBar

Test results:
- Failures: 0
- Flaky: 3
- Pending (annotated with .skip): 2
- Skipped (failure in a mocha hook): 0
- Passing: 125

@giancorderoortiz (Contributor) left a comment

ok.

See comments in https://v17.angular.io/api/platform-browser/DomSanitizer
"...
If the security context is HTML and the given value is a plain string, this method sanitizes the string, removing any potentially unsafe content. For any other security context, this method throws an error if provided with a plain string.
..."

@github-actions github-actions bot marked this pull request as draft October 18, 2024 14:12
@giancorderoortiz giancorderoortiz marked this pull request as ready for review October 18, 2024 14:21