* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+import { sanitize } from 'dompurify';
import * as React from 'react';
+import { activateRule, Profile } from '../../../api/quality-profiles';
import Modal from '../../../components/controls/Modal';
import Select from '../../../components/controls/Select';
import SeverityHelper from '../../../components/shared/SeverityHelper';
-import { activateRule, Profile } from '../../../api/quality-profiles';
+import { Alert } from '../../../components/ui/Alert';
+import { ResetButtonLink, SubmitButton } from '../../../components/ui/buttons';
import { SEVERITIES } from '../../../helpers/constants';
import { translate } from '../../../helpers/l10n';
import { sortProfiles } from '../../quality-profiles/utils';
-import { SubmitButton, ResetButtonLink } from '../../../components/ui/buttons';
-import { Alert } from '../../../components/ui/Alert';
interface Props {
activation?: T.RuleActivation;
)}
<div
className="note"
- // Safe: defined by rule creator (instance admin?)
- dangerouslySetInnerHTML={{ __html: param.htmlDesc || '' }}
+ // eslint-disable-next-line react/no-danger
+ dangerouslySetInnerHTML={{ __html: sanitize(param.htmlDesc || '') }}
/>
</div>
))
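Review bot: `sanitize(param.htmlDesc || '')` here, and the matching lines in the other four `dangerouslySetInnerHTML` hunks, run DOMPurify with its default configuration, and each carries its own `eslint-disable-next-line react/no-danger`. The defaults remove script content and event-handler attributes but still admit SVG and MathML markup, which a rule or parameter description has no apparent need for. A single shared helper, for example `export const sanitizeHtml = (html: string) => sanitize(html, { USE_PROFILES: { html: true } });`, would keep the allow-list in one place. It would also be the spot for any later `FORBID_TAGS` or `FORBID_ATTR` tightening, and would leave one reviewed location for the lint suppression. The enclosing component starts and ends outside this hunk.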
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+import { sanitize } from 'dompurify';
import * as React from 'react';
import Modal from '../../../components/controls/Modal';
import { translate } from '../../../helpers/l10n';
)}
<div
className="modal-field-description"
- // Safe: defined by rule creator (instance admin?)
- dangerouslySetInnerHTML={{ __html: param.htmlDesc || '' }}
+ // eslint-disable-next-line react/no-danger
+ dangerouslySetInnerHTML={{ __html: sanitize(param.htmlDesc || '') }}
/>
</div>
);
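Review bot: The comment above `dangerouslySetInnerHTML` now only silences the linter, whereas the removed comment at least recorded who was assumed to author `param.htmlDesc`. I would keep that reasoning next to the suppression, e.g. `// Rule-author HTML; passed through DOMPurify before injection.` on the line before `// eslint-disable-next-line react/no-danger`. The same applies to the other four call sites in this commit, so the next reader can see why the rule is disabled and does not copy the pattern without the `sanitize(...)` wrapper.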
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+import { sanitize } from 'dompurify';
import * as React from 'react';
import RemoveExtendedDescriptionModal from './RemoveExtendedDescriptionModal';
import { updateRule } from '../../../api/rules';
{this.props.ruleDetails.htmlNote !== undefined && (
<div
className="rule-desc spacer-bottom markdown"
- // Safe: defined by rule creator (instance admin?)
- dangerouslySetInnerHTML={{ __html: this.props.ruleDetails.htmlNote }}
+ // eslint-disable-next-line react/no-danger
+ dangerouslySetInnerHTML={{ __html: sanitize(this.props.ruleDetails.htmlNote) }}
/>
)}
{this.props.canWrite && (
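Review bot: Nothing in the visible hunks pins the sanitising of `htmlNote`, which looks like the one value here that is edited through this same component (the file imports `updateRule` and gates controls on `canWrite`). That makes this the call site where a regression would be most exposed. A unit test that renders the component with a note containing an inline event-handler attribute, and asserts the attribute is absent from the rendered markup, would catch a later change that drops the `sanitize(...)` wrapper. It would also catch DOMPurify running where `isSupported` is false, in which case the input comes back unchanged. Tests may be updated elsewhere in the commit, and the enclosing render method extends outside this hunk.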
{hasDescription ? (
<div
className="coding-rules-detail-description rule-desc markdown"
- // Safe: defined by rule creator (instance admin?)
- dangerouslySetInnerHTML={{ __html: ruleDetails.htmlDesc || '' }}
+ // eslint-disable-next-line react/no-danger
+ dangerouslySetInnerHTML={{ __html: sanitize(ruleDetails.htmlDesc || '') }}
/>
) : (
<div className="coding-rules-detail-description rule-desc markdown">
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+import { sanitize } from 'dompurify';
import * as React from 'react';
import { translate } from '../../../helpers/l10n';
<tr className="coding-rules-detail-parameter" key={param.key}>
<td className="coding-rules-detail-parameter-name">{param.key}</td>
<td className="coding-rules-detail-parameter-description">
- <p // Safe: defined by rule creator (instance admin?)
- dangerouslySetInnerHTML={{ __html: param.htmlDesc || '' }}
+ <p
+ // eslint-disable-next-line react/no-danger
+ dangerouslySetInnerHTML={{ __html: sanitize(param.htmlDesc || '') }}
/>
{param.defaultValue !== undefined && (
<div className="note spacer-top">