@@ -17,16 +17,17 @@ | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
import { sanitize } from 'dompurify'; | |||
import * as React from 'react'; | |||
import { activateRule, Profile } from '../../../api/quality-profiles'; | |||
import Modal from '../../../components/controls/Modal'; | |||
import Select from '../../../components/controls/Select'; | |||
import SeverityHelper from '../../../components/shared/SeverityHelper'; | |||
import { activateRule, Profile } from '../../../api/quality-profiles'; | |||
import { Alert } from '../../../components/ui/Alert'; | |||
import { ResetButtonLink, SubmitButton } from '../../../components/ui/buttons'; | |||
import { SEVERITIES } from '../../../helpers/constants'; | |||
import { translate } from '../../../helpers/l10n'; | |||
import { sortProfiles } from '../../quality-profiles/utils'; | |||
import { SubmitButton, ResetButtonLink } from '../../../components/ui/buttons'; | |||
import { Alert } from '../../../components/ui/Alert'; | |||
interface Props { | |||
activation?: T.RuleActivation; | |||
@@ -224,8 +225,8 @@ export default class ActivationFormModal extends React.PureComponent<Props, Stat | |||
)} | |||
<div | |||
className="note" | |||
// Safe: defined by rule creator (instance admin?) | |||
dangerouslySetInnerHTML={{ __html: param.htmlDesc || '' }} | |||
// eslint-disable-next-line react/no-danger | |||
dangerouslySetInnerHTML={{ __html: sanitize(param.htmlDesc || '') }} | |||
/> | |||
</div> | |||
)) |
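Review bot: `sanitize(param.htmlDesc || '')` on the `className="note"` div runs DOMPurify with its default configuration, and the same bare call is repeated at the four other sites in this commit (CustomRuleFormModal, both RuleDetailsDescription hunks, RuleDetailsParameters). The defaults accept HTML plus SVG and MathML, which is probably wider than a rule description needs, and five copies leave no single place to tighten or audit the policy. I would route them through one shared helper, for example `export const sanitizeHtml = (html: string) => DOMPurify.sanitize(html, { USE_PROFILES: { html: true } });`, and call that here. The enclosing render method starts and ends outside this hunk.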
@@ -17,6 +17,7 @@ | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
import { sanitize } from 'dompurify'; | |||
import * as React from 'react'; | |||
import Modal from '../../../components/controls/Modal'; | |||
import { translate } from '../../../helpers/l10n'; | |||
@@ -304,8 +305,8 @@ export default class CustomRuleFormModal extends React.PureComponent<Props, Stat | |||
)} | |||
<div | |||
className="modal-field-description" | |||
// Safe: defined by rule creator (instance admin?) | |||
dangerouslySetInnerHTML={{ __html: param.htmlDesc || '' }} | |||
// eslint-disable-next-line react/no-danger | |||
dangerouslySetInnerHTML={{ __html: sanitize(param.htmlDesc || '') }} | |||
/> | |||
</div> | |||
); |
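Review bot: The `// eslint-disable-next-line react/no-danger` above the `modal-field-description` div replaces the old `// Safe: …` comment, so the suppression no longer says why injecting raw HTML is acceptable at this point. Anyone auditing `dangerouslySetInnerHTML` uses needs that reason beside the call. I would add a line such as `// htmlDesc is passed through DOMPurify before injection` directly above the disable directive. The same applies to the other four call sites changed in this commit.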
@@ -17,6 +17,7 @@ | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
import { sanitize } from 'dompurify'; | |||
import * as React from 'react'; | |||
import RemoveExtendedDescriptionModal from './RemoveExtendedDescriptionModal'; | |||
import { updateRule } from '../../../api/rules'; | |||
@@ -112,8 +113,8 @@ export default class RuleDetailsDescription extends React.PureComponent<Props, S | |||
{this.props.ruleDetails.htmlNote !== undefined && ( | |||
<div | |||
className="rule-desc spacer-bottom markdown" | |||
// Safe: defined by rule creator (instance admin?) | |||
dangerouslySetInnerHTML={{ __html: this.props.ruleDetails.htmlNote }} | |||
// eslint-disable-next-line react/no-danger | |||
dangerouslySetInnerHTML={{ __html: sanitize(this.props.ruleDetails.htmlNote) }} | |||
/> | |||
)} | |||
{this.props.canWrite && ( | |||
@@ -194,8 +195,8 @@ export default class RuleDetailsDescription extends React.PureComponent<Props, S | |||
{hasDescription ? ( | |||
<div | |||
className="coding-rules-detail-description rule-desc markdown" | |||
// Safe: defined by rule creator (instance admin?) | |||
dangerouslySetInnerHTML={{ __html: ruleDetails.htmlDesc || '' }} | |||
// eslint-disable-next-line react/no-danger | |||
dangerouslySetInnerHTML={{ __html: sanitize(ruleDetails.htmlDesc || '') }} | |||
/> | |||
) : ( | |||
<div className="coding-rules-detail-description rule-desc markdown"> |
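Review bot: `htmlNote` in the first hunk appears to be user-editable from this same component (the `canWrite` block follows it and the file imports `updateRule`), so the removed "defined by rule creator (instance admin?)" assumption was weakest here. Sanitizing at this render site protects only this component; whether other consumers of `htmlNote` receive safe markup depends on server-side handling that this diff does not show. I would record that next to the call, e.g. `// htmlNote is user-editable; sanitized here as defence in depth, server-side escaping is still required`. A component test that renders a note containing markup outside the allowlist and asserts it is dropped would keep the guarantee from regressing. Both hunks sit inside render code that continues outside the hunk.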
@@ -17,6 +17,7 @@ | |||
* along with this program; if not, write to the Free Software Foundation, | |||
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
*/ | |||
import { sanitize } from 'dompurify'; | |||
import * as React from 'react'; | |||
import { translate } from '../../../helpers/l10n'; | |||
@@ -29,8 +30,9 @@ export default class RuleDetailsParameters extends React.PureComponent<Props> { | |||
<tr className="coding-rules-detail-parameter" key={param.key}> | |||
<td className="coding-rules-detail-parameter-name">{param.key}</td> | |||
<td className="coding-rules-detail-parameter-description"> | |||
<p // Safe: defined by rule creator (instance admin?) | |||
dangerouslySetInnerHTML={{ __html: param.htmlDesc || '' }} | |||
<p | |||
// eslint-disable-next-line react/no-danger | |||
dangerouslySetInnerHTML={{ __html: sanitize(param.htmlDesc || '') }} | |||
/> | |||
{param.defaultValue !== undefined && ( | |||
<div className="note spacer-top"> |
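Review bot: `import { sanitize } from 'dompurify'` in the first hunk (and the same line in the other three files) relies on the package exposing `sanitize` as a named export. That holds for a CommonJS build through interop, but may not hold for an ES-module build that exports only the default instance. If the bundler or a later DOMPurify version resolves to such a build, `sanitize` would be undefined and the `<p>` in each parameter row would throw at render. Importing the instance and calling the method on it avoids that: `import DOMPurify from 'dompurify';` and then `DOMPurify.sanitize(param.htmlDesc || '')`.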