import { Button, ResetButtonLink } from '../../../components/controls/buttons';
import RuleTabViewer from '../../../components/rules/RuleTabViewer';
import { translate, translateWithParameters } from '../../../helpers/l10n';
-import { sanitizeString } from '../../../helpers/sanitize';
+import { sanitizeString, sanitizeUserInput } from '../../../helpers/sanitize';
import { RuleDetails } from '../../../types/types';
import { RuleDescriptionSections } from '../rule';
import RemoveExtendedDescriptionModal from './RemoveExtendedDescriptionModal';
<div
className="rule-desc spacer-bottom markdown"
// eslint-disable-next-line react/no-danger
- dangerouslySetInnerHTML={{ __html: sanitizeString(this.props.ruleDetails.htmlNote) }}
+ dangerouslySetInnerHTML={{
+ __html: sanitizeUserInput(this.props.ruleDetails.htmlNote),
+ }}
/>
)}
{this.props.canWrite && (
import Avatar from '../../../components/ui/Avatar';
import { PopupPlacement } from '../../../components/ui/popups';
import { translate, translateWithParameters } from '../../../helpers/l10n';
-import { sanitizeString } from '../../../helpers/sanitize';
+import { sanitizeUserInput } from '../../../helpers/sanitize';
import { Hotspot, ReviewHistoryType } from '../../../types/security-hotspots';
import { getHotspotReviewHistory } from '../utils';
import HotspotCommentPopup from './HotspotCommentPopup';
<div
className="markdown"
// eslint-disable-next-line react/no-danger
- dangerouslySetInnerHTML={{ __html: sanitizeString(html) }}
+ dangerouslySetInnerHTML={{ __html: sanitizeUserInput(html) }}
/>
{updatable && (
<div>
import { Alert } from '../../../components/ui/Alert';
import DeferredSpinner from '../../../components/ui/DeferredSpinner';
import { translate } from '../../../helpers/l10n';
-import { sanitizeString } from '../../../helpers/sanitize';
+import { sanitizeUserInput } from '../../../helpers/sanitize';
import { getReturnUrl } from '../../../helpers/urls';
import { IdentityProvider } from '../../../types/types';
import './Login.css';
<div
className="login-message markdown big-padded spacer-top huge-spacer-bottom"
// eslint-disable-next-line react/no-danger
- dangerouslySetInnerHTML={{ __html: sanitizeString(message) }}
+ dangerouslySetInnerHTML={{ __html: sanitizeUserInput(message) }}
/>
)}
import { Button } from '../../../../components/controls/buttons';
import EditIcon from '../../../../components/icons/EditIcon';
import { translate } from '../../../../helpers/l10n';
-import { sanitizeString } from '../../../../helpers/sanitize';
+import { sanitizeUserInput } from '../../../../helpers/sanitize';
import { DefaultSpecializedInputProps } from '../../utils';
export default function InputForFormattedText(props: DefaultSpecializedInputProps) {
<div
className="markdown-preview markdown"
// eslint-disable-next-line react/no-danger
- dangerouslySetInnerHTML={{ __html: sanitizeString(formattedValue ?? '') }}
+ dangerouslySetInnerHTML={{ __html: sanitizeUserInput(formattedValue ?? '') }}
/>
<Button className="spacer-top" onClick={props.onEditing}>
<EditIcon className="spacer-right" />
import Toggler from '../../../components/controls/Toggler';
import { PopupPlacement } from '../../../components/ui/popups';
import { translate, translateWithParameters } from '../../../helpers/l10n';
-import { sanitizeString } from '../../../helpers/sanitize';
+import { sanitizeUserInput } from '../../../helpers/sanitize';
import { IssueComment } from '../../../types/types';
import DateFromNow from '../../intl/DateFromNow';
import Avatar from '../../ui/Avatar';
<div
className="issue-comment-text markdown"
// eslint-disable-next-line react/no-danger
- dangerouslySetInnerHTML={{ __html: sanitizeString(comment.htmlText) }}
+ dangerouslySetInnerHTML={{ __html: sanitizeUserInput(comment.htmlText) }}
/>
<div className="issue-comment-age">
<span className="a11y-hidden">{translate('issue.comment.posted_on')}</span>
*/
import * as React from 'react';
import { translate, translateWithParameters } from '../../../helpers/l10n';
-import { sanitizeString } from '../../../helpers/sanitize';
+import { sanitizeUserInput } from '../../../helpers/sanitize';
import { IssueComment } from '../../../types/types';
import { DeleteButton, EditButton } from '../../controls/buttons';
import DateTimeFormatter from '../../intl/DateTimeFormatter';
<div
className="flex-1 markdown"
// eslint-disable-next-line react/no-danger
- dangerouslySetInnerHTML={{ __html: sanitizeString(comment.htmlText) }}
+ dangerouslySetInnerHTML={{ __html: sanitizeUserInput(comment.htmlText) }}
/>
)}
{showEditArea && (
export function sanitizeString(html: string) {
return sanitize(html, { USE_PROFILES: { html: true } });
}
+
+export function sanitizeUserInput(html: string) {
+ return sanitize(html, {
+ ALLOWED_TAGS: [
+ 'b',
+ 'br',
+ 'code',
+ 'i',
+ 'li',
+ 'p',
+ 'strong',
+ 'ul',
+ 'ol',
+ 'a',
+ 'h1',
+ 'h2',
+ 'h3',
+ 'h4',
+ 'h5',
+ 'h6',
+ 'blockquote',
+ 'pre',
+ ],
+ ALLOWED_ATTR: ['target', 'href'],
+ });
+}
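Review bot: `sanitizeUserInput` keeps `target` on `<a>` while `rel` is absent from `ALLOWED_ATTR`, so user-authored links rendered through the call sites in the other hunks (comments, hotspot review history, the login message, formatted-text previews) can carry `target="_blank"` but never `rel="noopener noreferrer"`, since the sanitizer strips any `rel` the author supplied; that leaves the opened page a window handle on older browsers (reverse tabnabbing). The simplest fix is to drop the attribute, `ALLOWED_ATTR: ['href'],`; if a new tab is really wanted, the library's attribute hook (`addHook('afterSanitizeAttributes', …)`, assuming `sanitize` is DOMPurify's as the `USE_PROFILES` option suggests) can force `rel` on anchors instead. `href` itself is covered by the library's default URI allow-list, which rejects `javascript:` and similar schemes, so the new allow-list is a clear tightening over the `html` profile used by `sanitizeString` above it. A short doc comment would help future callers pick the right one, e.g. `/** Strict allow-list for HTML authored by users (comments, messages); use sanitizeString only for trusted, server-generated HTML such as rule descriptions. */`.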