-rw-r--r--server/sonar-web/src/main/js/components/issue/components/IssueCommentLine.tsx4
1 files changed, 2 insertions, 2 deletions
diff --git a/server/sonar-web/src/main/js/components/issue/components/IssueCommentLine.tsx b/server/sonar-web/src/main/js/components/issue/components/IssueCommentLine.tsx
index 09de825c56a..e58535bff9f 100644
--- a/server/sonar-web/src/main/js/components/issue/components/IssueCommentLine.tsx
+++ b/server/sonar-web/src/main/js/components/issue/components/IssueCommentLine.tsx
@@ -18,6 +18,7 @@
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
import * as React from 'react';
+import { sanitize } from 'dompurify';
import Avatar from '../../ui/Avatar';
import Toggler from '../../controls/Toggler';
import { EditButton, DeleteButton } from '../../ui/buttons';
@@ -89,8 +90,7 @@ export default class IssueCommentLine extends React.PureComponent<Props, State>
</div>
<div
className="issue-comment-text markdown"
- // Safe: Comes from the backend, after markdown transformation to html
- dangerouslySetInnerHTML={{ __html: comment.htmlText }}
+ dangerouslySetInnerHTML={{ __html: sanitize(comment.htmlText) }}
/>
<div className="issue-comment-age">
<DateFromNow date={comment.createdAt} />
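Review bot: The removed comment on the old line 24 was the only statement of why raw HTML is acceptable here, and the new `dangerouslySetInnerHTML` line carries no replacement, so a later reader cannot tell whether the client-side `sanitize` is the sole control or defense-in-depth over the backend's markdown-to-HTML rendering. I would keep a one-line rationale above the attribute, e.g. `// Backend renders markdown to HTML; sanitize again client-side as defense-in-depth`. Note also that `sanitize` is called with DOMPurify's default configuration, so any element or attribute the backend renderer emits outside that default allow-list is dropped silently rather than flagged; it is worth checking a few existing comments render unchanged. The `render` method enclosing this JSX starts before the hunk, and hunk 1 only adds the corresponding import.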