[arvados-workbench2] updated: 2.7.0-14-gba12e336

git repository hosting git at public.arvados.org
Wed Oct 18 20:10:46 UTC 2023


Summary of changes:
 src/common/html-sanitize.ts           | 4 +++-
 src/views-components/baner/banner.tsx | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

       via  ba12e336967fad5b32c1a6599aa15296b6d36ccc (commit)
      from  cba2e466c8708c1a89ae2d766d31fa9d04d6f3be (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit ba12e336967fad5b32c1a6599aa15296b6d36ccc
Author: Lisa Knox <lisaknox83 at gmail.com>
Date:   Wed Oct 18 16:10:42 2023 -0400

    21026: sanitized banner and reworked banner.html to accommodate files Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox at curii.com>

diff --git a/src/common/html-sanitize.ts b/src/common/html-sanitize.ts
index 93ebfaa2..79ed9349 100644
--- a/src/common/html-sanitize.ts
+++ b/src/common/html-sanitize.ts
@@ -41,9 +41,11 @@ const domPurifyConfig: TDomPurifyConfig = {
         'sub',
         'sup',
         'ul',
+        'span',
+        'section'
     ],
     ALLOWED_ATTR: ['src', 'width', 'height', 'href', 'alt', 'title', 'style' ],
 };
 
-export const sanitizeHTML = (dirtyInput: string): string => DOMPurify.sanitize(dirtyInput, domPurifyConfig);
+export const sanitizeHTML = (dirtyString: string): string => DOMPurify.sanitize(dirtyString, domPurifyConfig);
 
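Review bot: Adding `'span'` and `'section'` widens the shared allowlist for every caller of `sanitizeHTML`, not only the banner, and both tags combine with the `'style'` entry already present in `ALLOWED_ATTR` two lines below. As far as I know DOMPurify does not filter the CSS inside a `style` value, so sanitized markup can still restyle or reposition its container and reference external URLs from CSS. That matters if banner content can be written by anyone other than a cluster administrator, which this page does not show. I would record the reason next to the new entries, e.g. `// span/section: layout containers for banner.html; 'style' applies to them too`, and consider dropping `'style'` for untrusted input or restricting it in a DOMPurify `uponSanitizeAttribute` hook. Minor: give `'section'` a trailing comma (`'section',`) like the entries above it.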
diff --git a/src/views-components/baner/banner.tsx b/src/views-components/baner/banner.tsx
index 7e39186c..ac5b8943 100644
--- a/src/views-components/baner/banner.tsx
+++ b/src/views-components/baner/banner.tsx
@@ -10,6 +10,7 @@ import bannerActions from "store/banner/banner-action";
 import { ArvadosTheme } from "common/custom-theme";
 import servicesProvider from "common/service-provider";
 import { Dispatch } from "redux";
+import { sanitizeHTML } from "common/html-sanitize";
 
 type CssRules = "dialogContent" | "dialogContentIframe";
 
@@ -92,7 +93,7 @@ export const BannerComponent = (props: BannerComponentProps) => {
         >
             <div data-cy="confirmation-dialog">
                 <DialogContent className={props.classes.dialogContent}>
-                    <div dangerouslySetInnerHTML={{ __html: bannerContents }}></div>
+                    <div dangerouslySetInnerHTML={{ __html: sanitizeHTML(bannerContents) }}></div>
                 </DialogContent>
                 <DialogActions style={{ margin: "0px 24px 24px" }}>
                     <Button
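Review bot: Nothing in this commit pins the new `sanitizeHTML(bannerContents)` call with a test, since the diffstat lists only the two source files. A later refactor could therefore pass raw `bannerContents` back to `dangerouslySetInnerHTML` without anyone noticing. A component test would cover it: render a banner containing a `<script>` element and an inline event-handler attribute, then assert that neither appears under `data-cy="confirmation-dialog"`. I would also leave a comment on the line, `{/* bannerContents is loaded from a file; keep it behind sanitizeHTML */}`. That wording assumes the content comes from a file, as the commit title suggests; the place where `bannerContents` is assigned lies outside this hunk, as does the rest of `BannerComponent`.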

-----------------------------------------------------------------------


hooks/post-receive
-- 



