[arvados-workbench2] updated: 2.7.0-13-gcba2e466
git repository hosting
git at public.arvados.org
Tue Oct 17 20:36:50 UTC 2023
Summary of changes:
src/common/html-sanitize.ts | 2 +-
src/views-components/main-app-bar/main-app-bar.tsx | 3 ++-
src/views/inactive-panel/inactive-panel.tsx | 3 ++-
src/views/login-panel/login-panel.tsx | 3 ++-
src/views/virtual-machine-panel/virtual-machine-user-panel.tsx | 3 ++-
5 files changed, 9 insertions(+), 5 deletions(-)
via cba2e466c8708c1a89ae2d766d31fa9d04d6f3be (commit)
from 461a55e53382e6acd402fc5c5ff3f944865daac2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit cba2e466c8708c1a89ae2d766d31fa9d04d6f3be
Author: Lisa Knox <lisaknox83 at gmail.com>
Date: Tue Oct 17 16:36:44 2023 -0400
21026: applied sanitization in 4 files Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox at curii.com>
diff --git a/src/common/html-sanitize.ts b/src/common/html-sanitize.ts
index 2bb43d08..93ebfaa2 100644
--- a/src/common/html-sanitize.ts
+++ b/src/common/html-sanitize.ts
@@ -42,7 +42,7 @@ const domPurifyConfig: TDomPurifyConfig = {
'sup',
'ul',
],
- ALLOWED_ATTR: ['src', 'width', 'height', 'href', 'alt', 'title'],
+ ALLOWED_ATTR: ['src', 'width', 'height', 'href', 'alt', 'title', 'style' ],
};
export const sanitizeHTML = (dirtyInput: string): string => DOMPurify.sanitize(dirtyInput, domPurifyConfig);
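Review bot: Adding `'style'` to `ALLOWED_ATTR` widens the shared `domPurifyConfig`, so every caller of `sanitizeHTML` now lets inline CSS through, not only the four cluster-configured texts this commit wraps. DOMPurify does not filter the declarations inside a `style` attribute, so with scripts removed the markup can still place an element over the rest of the page (most relevant on the pre-login panel) or trigger a request through `url(...)`. If `sanitizeHTML` is also applied to user-authored content elsewhere (not visible in this diff), consider leaving the shared list unchanged and using a second config that adds `style` only for administrator-supplied text, or limiting the permitted properties in an `uponSanitizeAttribute` hook. The `domPurifyConfig` object begins outside this hunk.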
diff --git a/src/views-components/main-app-bar/main-app-bar.tsx b/src/views-components/main-app-bar/main-app-bar.tsx
index 60ce68e9..c57d5cd8 100644
--- a/src/views-components/main-app-bar/main-app-bar.tsx
+++ b/src/views-components/main-app-bar/main-app-bar.tsx
@@ -15,6 +15,7 @@ import { HelpMenu } from 'views-components/main-app-bar/help-menu';
import { ReactNode } from "react";
import { AdminMenu } from "views-components/main-app-bar/admin-menu";
import { pluginConfig } from 'plugins';
+import { sanitizeHTML } from "common/html-sanitize";
type CssRules = 'toolbar' | 'link';
@@ -47,7 +48,7 @@ export const MainAppBar = withStyles(styles)(
{pluginConfig.appBarLeft || <Grid container item xs={3} direction="column" justify="center">
<Typography variant='h6' color="inherit" noWrap>
<Link to={Routes.ROOT} className={props.classes.link}>
- <span dangerouslySetInnerHTML={{ __html: props.siteBanner }} /> ({props.uuidPrefix})
+ <span dangerouslySetInnerHTML={{ __html: sanitizeHTML(props.siteBanner) }} /> ({props.uuidPrefix})
</Link>
</Typography>
<Typography variant="caption" color="inherit">
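Review bot: The pairing `dangerouslySetInnerHTML={{ __html: sanitizeHTML(...) }}` is now written out by hand here and again in the inactive-panel, login-panel and virtual-machine-user-panel hunks, which leaves the next call site free to forget the sanitizer. A small shared wrapper (proposed name) such as `<SanitizedHTML html={props.siteBanner} />` would keep the raw prop in one place and make any remaining unsanitized use easy to find with grep or a lint rule. The diffstat also shows no test file; a test asserting that a banner containing a `<script>` element or an `onerror` attribute is rendered without it would pin the intended behaviour. `MainAppBar`'s body starts and ends outside this hunk.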
diff --git a/src/views/inactive-panel/inactive-panel.tsx b/src/views/inactive-panel/inactive-panel.tsx
index 064add3a..be765706 100644
--- a/src/views/inactive-panel/inactive-panel.tsx
+++ b/src/views/inactive-panel/inactive-panel.tsx
@@ -10,6 +10,7 @@ import { StyleRulesCallback, WithStyles, withStyles } from '@material-ui/core/st
import { ArvadosTheme } from 'common/custom-theme';
import { navigateToLinkAccount } from 'store/navigation/navigation-action';
import { RootState } from 'store/store';
+import { sanitizeHTML } from 'common/html-sanitize';
export type CssRules = 'root' | 'ontop' | 'title';
@@ -57,7 +58,7 @@ export const InactivePanelRoot = ({ classes, startLinking, inactivePageText, isL
style={{ marginTop: 56, height: "100%" }}>
<Grid item>
<Typography>
- <span dangerouslySetInnerHTML={{ __html: inactivePageText }} style={{ margin: "1em" }} />
+ <span dangerouslySetInnerHTML={{ __html: sanitizeHTML(inactivePageText) }} style={{ margin: "1em" }} />
</Typography>
</Grid>
{ !isLoginClusterFederation
diff --git a/src/views/login-panel/login-panel.tsx b/src/views/login-panel/login-panel.tsx
index 110097be..f834b3b6 100644
--- a/src/views/login-panel/login-panel.tsx
+++ b/src/views/login-panel/login-panel.tsx
@@ -12,6 +12,7 @@ import { RootState } from 'store/store';
import { LoginForm } from 'views-components/login-form/login-form';
import Axios from 'axios';
import { Config } from 'common/config';
+import { sanitizeHTML } from 'common/html-sanitize';
type CssRules = 'root' | 'container' | 'title' | 'content' | 'content__bolder' | 'button';
@@ -98,7 +99,7 @@ export const LoginPanel = withStyles(styles)(
style={{ marginTop: 56, overflowY: "auto", height: "100%" }}>
<Grid item className={classes.container}>
<Typography component="div">
- <div dangerouslySetInnerHTML={{ __html: welcomePage }} style={{ margin: "1em" }} />
+ <div dangerouslySetInnerHTML={{ __html: sanitizeHTML(welcomePage) }} style={{ margin: "1em" }} />
</Typography>
{Object.keys(remoteHosts).length > 1 && loginCluster === "" &&
diff --git a/src/views/virtual-machine-panel/virtual-machine-user-panel.tsx b/src/views/virtual-machine-panel/virtual-machine-user-panel.tsx
index 751ca5f1..56c92805 100644
--- a/src/views/virtual-machine-panel/virtual-machine-user-panel.tsx
+++ b/src/views/virtual-machine-panel/virtual-machine-user-panel.tsx
@@ -18,6 +18,7 @@ import parse from "parse-duration";
import { CopyIcon } from 'components/icon/icon';
import CopyToClipboard from 'react-copy-to-clipboard';
import { snackbarActions, SnackbarKind } from 'store/snackbar/snackbar-actions';
+import { sanitizeHTML } from 'common/html-sanitize';
type CssRules = 'button' | 'codeSnippet' | 'link' | 'linkIcon' | 'rightAlign' | 'cardWithoutMachines' | 'icon' | 'chipsRoot' | 'copyIcon' | 'tableWrapper' | 'webshellButton';
@@ -269,7 +270,7 @@ const CardSSHSection = (props: VirtualMachineProps) =>
<Card>
<CardContent>
<Typography>
- <div dangerouslySetInnerHTML={{ __html: props.helpText }} style={{ margin: "1em" }} />
+ <div dangerouslySetInnerHTML={{ __html: sanitizeHTML(props.helpText) }} style={{ margin: "1em" }} />
</Typography>
</CardContent>
</Card>
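Review bot: The changed `<div>` still sits inside a bare `<Typography>`, which, if this is the Material-UI component with its default variant, renders a `<p>`, so React is likely to warn about a `<div>` nested in a `<p>`. The login-panel hunk in this same commit avoids that with `<Typography component="div">`, and the same attribute would fit here. `CardSSHSection` begins outside this hunk, so the surrounding markup could not be checked.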
-----------------------------------------------------------------------
hooks/post-receive
--