Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update configAggregator.js Sanetize DOM Text Interpreted As HTML #4360

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Update configAggregator.js Sanetize DOM Text Interpreted As HTML #4360

wants to merge 2 commits into from
+11 −1

Conversation

Shivam7-1
Copy link

Description

Sanitize HTML content using DOMPurify before returning it in richContent. This ensures safe rendering of potentially untrusted HTML, protecting against XSS attacks. The innerHTML of the first child node is sanitized before being returned, improving security.

@Shivam7-1
Copy link
Author

Hii @glo82145 Could Team Please Review This PR
Thanks & Regards

@pwa-studio-bot
Copy link
Collaborator

Fails
🚫

node failed.
🚫 A version label is required. A maintainer must add one.
🚫

Unable to build scaffolded project.

yarn build

within a scaffolded project directory failed.
Learn more about Scaffolding at https://magento.github.io/pwa-studio/pwa-buildpack/scaffolding/.
🚫

Unit tests in the following files did not pass 😔. All tests must pass before this PR can be merged

  • packages/pagebuilder/lib/__tests__/factory.spec.js
  • packages/pagebuilder/lib/ContentTypes/Block/__tests__/block.spec.js
  • packages/pagebuilder/lib/__tests__/config.spec.js
  • packages/pagebuilder/lib/ContentTypes/Block/__tests__/configAggregator.spec.js
🚫

No linked issue found. Please link a relevant open issue by adding the text "closes #<issue_number>" or "closes JIRA-<issue_number>" in your PR.
🚫 Missing "Verification Steps" section. Please add it back, with detail.
Messages
📖 DangerCI Failures related to missing labels/description/linked issues/etc will persist until the next push or next pr-test build run (assuming they are fixed).
📖

Access a deployed version of this PR here. Make sure to wait for the "pwa-pull-request-deploy" job to complete.

Log



ERROR ON TASK: unitTests






ERROR ON TASK: scaffoldingSucceeds



Error:  Danger had errors running. See message(s) above for more details.
danger-results://tmp/danger-results.json



If your PR is missing information, check against the original template here. At a minimum you must have the section headers from the template and provide some information in each section.



  Generated by 🚫 dangerJS against 10b60ce


      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
      



  

  @Shivam7-1





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  Author


  


  

    

  





      


        


  
    

      
          
Hii @glo82145 Could Team Please Review This PR

Thanks & Regards

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
      



  

  @Shivam7-1





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  Author


  


  

    

  





      


        


  
    

      
          
Hii @glo42707 @glo82145 Could Team Please Review This PR

Thanks

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
      



  

  @Shivam7-1





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  Author


  


  

    

  





      


        


  
    

      
          
Hii @engcom-Hotel @engcom-Charlie Could Team Please Review This PR also if possible

Thanks

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
      



  

  @engcom-Hotel





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  


  

    

  





      


        


  
    

      
          
Hey @glo42707 we request you to please look into this.

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
          

  
  

  
      @glo42707
  glo42707


          requested a review
  from glo82145


    December 17, 2024 09:32    
    









      

  
      



  

  @Shivam7-1





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  Author


  


  

    

  





      


        


  
    

      
          
Hii @glo82145 Could you please Review this PR

Thanks

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
        





      

  
            


  
    







      

  
        





      

  
      



  

  @Shivam7-1





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  Author


  


  

    

  





      


        


  
    

      
          
Hii @glo82145

I got the Problem as package.json don't have dompurify dependencies install so added

Could You Please Review This again

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    
















  
  

    

      

  




    


    

      

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



      

    

  




  
          




      

  

    
    

    
  

    Reviewers
  


    


        

          

  
      @glo82145
  
    glo82145



          
            
              
            
          
          glo82145 left review comments

        


        

      At least 1 approving review is required to merge this pull request.
  








    

  


      
  

    Assignees
  



        

      

        

  
      @glo82145
  
    glo82145
    

      








      


  


  

    Labels
  



    

      

    pkg:pagebuilder

  

    Progress: review









      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    
      

        
    

    Development
  



          


Successfully merging this pull request may close these issues.



  


    
  




      

    

  
      

  

    

      4 participants
    

    

        
          @Shivam7-1 
        
          @pwa-studio-bot 
        
          @engcom-Hotel 
        
          @glo82145