  1. SonarQube
  2. SONAR-14670

Wrap calls to dompurify

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8.9
    • Component/s: Web
    • Edition:
      Community
    • Production Notes:
      None

      Description

      We use sanitize from dompurify in a few places in the code. We should wrap those calls and use the HTML profile to exclude SVG and MathML.

      This will enable us to be sure we are unaffected by attacks using those vectors.
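One way to write the wrapper described above, as an added example rather than SonarQube's own code. The names `createHtmlSanitizer`, `sanitizeHtml` and `WIDENING_OPTIONS` are hypothetical, the DOMPurify instance is passed in by the caller, and rejecting options that could widen the allow-list is an assumption of this example, not something the ticket states.

```javascript
// Added example: one choke point for DOMPurify, pinned to the HTML profile.
// `purify` is any object exposing DOMPurify's sanitize(dirty, config) method,
// e.g. the browser build or DOMPurify bound to a jsdom window.

// DOMPurify options a caller could use to let markup outside the HTML
// profile back in. Refusing them here is this example's own policy.
const WIDENING_OPTIONS = [
  'USE_PROFILES',
  'ALLOWED_TAGS',
  'ADD_TAGS',
  'ALLOWED_ATTR',
  'ADD_ATTR',
];

function createHtmlSanitizer(purify) {
  if (!purify || typeof purify.sanitize !== 'function') {
    throw new TypeError('createHtmlSanitizer expects a DOMPurify instance');
  }

  return function sanitizeHtml(dirty, options = {}) {
    for (const key of Object.keys(options)) {
      if (WIDENING_OPTIONS.includes(key)) {
        // Fail loudly so a widened allow-list cannot slip in through review.
        throw new Error(`sanitizeHtml: option "${key}" is not allowed`);
      }
    }

    const input = dirty == null ? '' : String(dirty);

    // USE_PROFILES with only `html` enabled leaves the svg, svgFilters and
    // mathMl profiles off, so those elements are stripped from the output.
    // It is spread last so nothing in `options` can replace it.
    return purify.sanitize(input, {
      ...options,
      USE_PROFILES: { html: true },
    });
  };
}
```

Application code then imports only `sanitizeHtml`; a lint rule that restricts direct imports of `dompurify` outside the wrapper module keeps new call sites from bypassing it.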

              People

              Assignee:
              wouter.admiraal Wouter Admiraal
              Reporter:
              jeremy.davis Jeremy Davis
              Votes:
              0
              Watchers:
              1
