diff options
| author | Jeremy Davis <jeremy.davis@sonarsource.com> | 2019-06-26 14:34:26 +0200 |
|---|---|---|
| committer | sonartech <sonartech@sonarsource.com> | 2019-06-28 08:45:55 +0200 |
| commit | 715ef2a837a34a12cfad43fc806f5103f41233aa (patch) | |
| tree | 1e0f75fb28eb4b2fd381b023536dc78e328c582a /server/sonar-web | |
| parent | 2be628875fdcf113cb8a0cbe458816a067a3a5f7 (diff) | |
| download | sonarqube-715ef2a837a34a12cfad43fc806f5103f41233aa.tar.gz sonarqube-715ef2a837a34a12cfad43fc806f5103f41233aa.zip | |
SONAR-12236 Fix SSF-81
Diffstat (limited to 'server/sonar-web')
| -rw-r--r-- | server/sonar-web/src/main/js/components/issue/components/IssueCommentLine.tsx | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/server/sonar-web/src/main/js/components/issue/components/IssueCommentLine.tsx b/server/sonar-web/src/main/js/components/issue/components/IssueCommentLine.tsx index 09de825c56a..e58535bff9f 100644 --- a/server/sonar-web/src/main/js/components/issue/components/IssueCommentLine.tsx +++ b/server/sonar-web/src/main/js/components/issue/components/IssueCommentLine.tsx @@ -18,6 +18,7 @@ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ import * as React from 'react'; +import { sanitize } from 'dompurify'; import Avatar from '../../ui/Avatar'; import Toggler from '../../controls/Toggler'; import { EditButton, DeleteButton } from '../../ui/buttons'; @@ -89,8 +90,7 @@ export default class IssueCommentLine extends React.PureComponent<Props, State> </div> <div className="issue-comment-text markdown" - // Safe: Comes from the backend, after markdown transformation to html - dangerouslySetInnerHTML={{ __html: comment.htmlText }} + dangerouslySetInnerHTML={{ __html: sanitize(comment.htmlText) }} /> <div className="issue-comment-age"> <DateFromNow date={comment.createdAt} /> |