Fix XSS security with the wysiwyg preview #8440

Merged
merged 1 commit into from Oct 22, 2020

soupette (Contributor)

Signed-off-by: soupette <cyril.lpz@gmail.com>

What does it do?

The PR fixes a security vulnerability with the WYSIWYG preview.

@soupette requested a review from a team as a code owner October 22, 2020 14:15
@alexandrebodin added the "source: core:content-manager" (Source is core/content-manager package) and "issue: security" (Issue reporting a security problem) labels Oct 22, 2020
@alexandrebodin added this to the 3.2.5 milestone Oct 22, 2020

codecov bot commented Oct 22, 2020

Codecov Report

Merging #8440 into master will decrease coverage by 0.00%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master    #8440      +/-   ##
==========================================
- Coverage   33.27%   33.26%   -0.01%     
==========================================
  Files        1220     1221       +1     
  Lines       13625    13629       +4     
  Branches     1357     1357              
==========================================
  Hits         4534     4534              
- Misses       8207     8211       +4     
  Partials      884      884              
| Flag | Coverage Δ |
|---|---|
| #front | 24.71% <0.00%> (-0.02%) ⬇️ |
| #unit | 54.69% <ø> (ø) |

Flags with carried forward coverage won't be shown.

| Impacted Files | Coverage Δ |
|---|---|
| ...nager/admin/src/components/PreviewWysiwyg/index.js | 0.00% <0.00%> (ø) |
| ...rc/components/PreviewWysiwyg/utils/satinizeHtml.js | 0.00% <0.00%> (ø) |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 4d00bc0...aedac98.

@alexandrebodin (Member) left a comment

Tested, works great
