SONAR-11914 Fix SSF-76
authorWouter Admiraal <wouter.admiraal@sonarsource.com>
Fri, 19 Jun 2020 08:47:02 +0000 (10:47 +0200)
committersonartech <sonartech@sonarsource.com>
Tue, 30 Jun 2020 20:05:42 +0000 (20:05 +0000)
server/sonar-web/src/main/js/apps/about/components/AboutApp.tsx

index c8cac2354f35b0cef1d6daed0a97b38cd650cc94..4f53635a2c8c07890efd81824a6175312c86a7e8 100644 (file)
@@ -17,6 +17,7 @@
  * along with this program; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  */
+import { sanitize } from 'dompurify';
 import { Location } from 'history';
 import { keyBy } from 'lodash';
 import * as React from 'react';
@@ -159,8 +160,8 @@ export class AboutApp extends React.PureComponent<Props, State> {
           {customText && (
             <div
               className="about-page-section"
-              // Safe: Defined by instance admin
-              dangerouslySetInnerHTML={{ __html: customText }}
+              // eslint-disable-next-line react/no-danger
+              dangerouslySetInnerHTML={{ __html: sanitize(customText) }}
             />
           )}
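Review bot: `sanitize(customText)` on the `dangerouslySetInnerHTML` line uses DOMPurify's default configuration, which removes script and event-handler content but still accepts a wide set of markup (forms, images, inline styles, SVG), so the about page can still display spoofed or externally loaded content if this setting is ever written by someone other than a trusted admin. If the setting is only meant to hold simple formatted text, pass an explicit allowlist, for example `sanitize(customText, { ALLOWED_TAGS: ['p', 'a', 'b', 'i', 'ul', 'li', 'br'], ALLOWED_ATTR: ['href'] })` (the lists here are illustrative and need to match what admins actually use). The removed `// Safe: Defined by instance admin` rationale was also replaced by a bare lint suppression; a line such as `// Sanitized with DOMPurify before injection; customText comes from an instance setting` above the `eslint-disable-next-line` would keep the reason visible. The enclosing render method starts and ends outside this hunk, so whether `customText` is validated elsewhere is not visible here.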