authorWouter Admiraal <wouter.admiraal@sonarsource.com>2020-06-19 10:47:02 +0200
committersonartech <sonartech@sonarsource.com>2020-06-30 20:05:42 +0000
commitb3840f39050b6a805c321748c84726038ccb3f6a (patch)
treeb43640482300151448d6a1bebf8c9a9bb870afd6
parent5e93a5a3e81c5285e354d4632024c31581bd7ae5 (diff)
downloadsonarqube-b3840f39050b6a805c321748c84726038ccb3f6a.tar.gz
sonarqube-b3840f39050b6a805c321748c84726038ccb3f6a.zip
SONAR-11914 Fix SSF-76
-rw-r--r--server/sonar-web/src/main/js/apps/about/components/AboutApp.tsx5
1 files changed, 3 insertions, 2 deletions
diff --git a/server/sonar-web/src/main/js/apps/about/components/AboutApp.tsx b/server/sonar-web/src/main/js/apps/about/components/AboutApp.tsx
index c8cac2354f3..4f53635a2c8 100644
--- a/server/sonar-web/src/main/js/apps/about/components/AboutApp.tsx
+++ b/server/sonar-web/src/main/js/apps/about/components/AboutApp.tsx
@@ -17,6 +17,7 @@
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+import { sanitize } from 'dompurify';
import { Location } from 'history';
import { keyBy } from 'lodash';
import * as React from 'react';
@@ -159,8 +160,8 @@ export class AboutApp extends React.PureComponent<Props, State> {
{customText && (
<div
className="about-page-section"
- // Safe: Defined by instance admin
- dangerouslySetInnerHTML={{ __html: customText }}
+ // eslint-disable-next-line react/no-danger
+ dangerouslySetInnerHTML={{ __html: sanitize(customText) }}
/>
)}
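Review bot: The `sanitize(customText)` call on the new `dangerouslySetInnerHTML` line runs DOMPurify with its default configuration, which removes script execution but, as far as I know, still lets form controls, `<style>` elements and `style` attributes through, so the admin-supplied text can still restyle the page or render look-alike inputs. For a free-text about section a narrower policy fits better, for example `sanitize(customText, { FORBID_TAGS: ['form', 'input', 'button', 'style'], FORBID_ATTR: ['style'] })`. The removed `// Safe: Defined by instance admin` comment was the only statement of the trust assumption, and the eslint directive that replaces it explains nothing, so I would add a line above it such as `// customText is admin-supplied HTML; sanitized because an admin setting is not trusted to be script-free`. The diffstat shows a single file changed, so no test pins that a script element or inline event handler in customText is dropped before rendering. The enclosing render method starts and ends outside this hunk.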