
SONAR-13324 SONAR-13354 Fix SSF-108 and SSF-111

tags/7.9.4
Wouter Admiraal 4 years ago
parent
commit
8b00b496d8

+ 6
- 5
server/sonar-web/src/main/js/apps/coding-rules/components/ActivationFormModal.tsx View File

@@ -17,16 +17,17 @@
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
import { sanitize } from 'dompurify';
import * as React from 'react';
import { activateRule, Profile } from '../../../api/quality-profiles';
import Modal from '../../../components/controls/Modal';
import Select from '../../../components/controls/Select';
import SeverityHelper from '../../../components/shared/SeverityHelper';
import { activateRule, Profile } from '../../../api/quality-profiles';
import { Alert } from '../../../components/ui/Alert';
import { ResetButtonLink, SubmitButton } from '../../../components/ui/buttons';
import { SEVERITIES } from '../../../helpers/constants';
import { translate } from '../../../helpers/l10n';
import { sortProfiles } from '../../quality-profiles/utils';
import { SubmitButton, ResetButtonLink } from '../../../components/ui/buttons';
import { Alert } from '../../../components/ui/Alert';

interface Props {
activation?: T.RuleActivation;
@@ -224,8 +225,8 @@ export default class ActivationFormModal extends React.PureComponent<Props, Stat
)}
<div
className="note"
// Safe: defined by rule creator (instance admin?)
dangerouslySetInnerHTML={{ __html: param.htmlDesc || '' }}
// eslint-disable-next-line react/no-danger
dangerouslySetInnerHTML={{ __html: sanitize(param.htmlDesc || '') }}
/>
</div>
))
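Review bot: DOMPurify is imported and called with its default configuration directly in this component (the `sanitize(param.htmlDesc || '')` on the new dangerouslySetInnerHTML line), and the same pattern is repeated in CustomRuleFormModal.tsx, RuleDetailsDescription.tsx (two sites) and RuleDetailsParameters.tsx; a single shared wrapper such as `sanitizeHtml(html: string): string` (placeholder name) in the project's helpers module would keep the allowed tag/attribute set consistent across all five injection sites and give one place to audit the `react/no-danger` suppression. The previous `// Safe: defined by rule creator (instance admin?)` justification was removed and only the lint-disable comment remains, so the reason the injection is acceptable is no longer stated; I would add `// rule HTML is passed through DOMPurify before injection` above the eslint-disable line at each site. Client-side sanitization covers only the render path, and whether the rule description HTML is also filtered where it is produced is not visible in this diff, so that should be confirmed so this change is defense in depth rather than the sole control. The enclosing render body starts and ends outside the hunk.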

+ 3
- 2
server/sonar-web/src/main/js/apps/coding-rules/components/CustomRuleFormModal.tsx View File

@@ -17,6 +17,7 @@
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
import { sanitize } from 'dompurify';
import * as React from 'react';
import Modal from '../../../components/controls/Modal';
import { translate } from '../../../helpers/l10n';
@@ -304,8 +305,8 @@ export default class CustomRuleFormModal extends React.PureComponent<Props, Stat
)}
<div
className="modal-field-description"
// Safe: defined by rule creator (instance admin?)
dangerouslySetInnerHTML={{ __html: param.htmlDesc || '' }}
// eslint-disable-next-line react/no-danger
dangerouslySetInnerHTML={{ __html: sanitize(param.htmlDesc || '') }}
/>
</div>
);

+ 5
- 4
server/sonar-web/src/main/js/apps/coding-rules/components/RuleDetailsDescription.tsx View File

@@ -17,6 +17,7 @@
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
import { sanitize } from 'dompurify';
import * as React from 'react';
import RemoveExtendedDescriptionModal from './RemoveExtendedDescriptionModal';
import { updateRule } from '../../../api/rules';
@@ -112,8 +113,8 @@ export default class RuleDetailsDescription extends React.PureComponent<Props, S
{this.props.ruleDetails.htmlNote !== undefined && (
<div
className="rule-desc spacer-bottom markdown"
// Safe: defined by rule creator (instance admin?)
dangerouslySetInnerHTML={{ __html: this.props.ruleDetails.htmlNote }}
// eslint-disable-next-line react/no-danger
dangerouslySetInnerHTML={{ __html: sanitize(this.props.ruleDetails.htmlNote) }}
/>
)}
{this.props.canWrite && (
@@ -194,8 +195,8 @@ export default class RuleDetailsDescription extends React.PureComponent<Props, S
{hasDescription ? (
<div
className="coding-rules-detail-description rule-desc markdown"
// Safe: defined by rule creator (instance admin?)
dangerouslySetInnerHTML={{ __html: ruleDetails.htmlDesc || '' }}
// eslint-disable-next-line react/no-danger
dangerouslySetInnerHTML={{ __html: sanitize(ruleDetails.htmlDesc || '') }}
/>
) : (
<div className="coding-rules-detail-description rule-desc markdown">

+ 4
- 2
server/sonar-web/src/main/js/apps/coding-rules/components/RuleDetailsParameters.tsx View File

@@ -17,6 +17,7 @@
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
import { sanitize } from 'dompurify';
import * as React from 'react';
import { translate } from '../../../helpers/l10n';

@@ -29,8 +30,9 @@ export default class RuleDetailsParameters extends React.PureComponent<Props> {
<tr className="coding-rules-detail-parameter" key={param.key}>
<td className="coding-rules-detail-parameter-name">{param.key}</td>
<td className="coding-rules-detail-parameter-description">
<p // Safe: defined by rule creator (instance admin?)
dangerouslySetInnerHTML={{ __html: param.htmlDesc || '' }}
<p
// eslint-disable-next-line react/no-danger
dangerouslySetInnerHTML={{ __html: sanitize(param.htmlDesc || '') }}
/>
{param.defaultValue !== undefined && (
<div className="note spacer-top">
