Diffstat (limited to 'server/sonar-web/src/main/js/app')
3 files changed, 15 insertions, 16 deletions
diff --git a/server/sonar-web/src/main/js/app/components/extensions/exposeLibraries.ts b/server/sonar-web/src/main/js/app/components/extensions/exposeLibraries.ts
index 1f58dcb7458..7ac527b9b18 100644
--- a/server/sonar-web/src/main/js/app/components/extensions/exposeLibraries.ts
+++ b/server/sonar-web/src/main/js/app/components/extensions/exposeLibraries.ts
@@ -17,6 +17,7 @@
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
+
 import { FormattedMessage } from 'react-intl';
 import NotFound from '../../../app/components/NotFound';
 import A11ySkipTarget from '../../../components/a11y/A11ySkipTarget';
@@ -103,7 +104,7 @@ import {
 postJSONBody,
 request,
 } from '../../../helpers/request';
-import { sanitizeStringRestricted } from '../../../helpers/sanitize';
+import { sanitizeHTMLRestricted } from '../../../helpers/sanitize';
 import {
 getStandards,
 renderCWECategory,
@@ -166,7 +167,7 @@ const exposeLibraries = () => {
 getComponentSecurityHotspotsUrl,
 getMeasureHistoryUrl,
 getRulesUrl,
- sanitizeStringRestricted,
+ sanitizeStringRestricted: sanitizeHTMLRestricted,
 };
 },
 });
diff --git a/server/sonar-web/src/main/js/app/components/search/SearchResult.tsx b/server/sonar-web/src/main/js/app/components/search/SearchResult.tsx
index 1a7b7f91856..0035fe6e482 100644
--- a/server/sonar-web/src/main/js/app/components/search/SearchResult.tsx
+++ b/server/sonar-web/src/main/js/app/components/search/SearchResult.tsx
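Review bot: In the third hunk the exposed key keeps its old name `sanitizeStringRestricted` while now pointing at `sanitizeHTMLRestricted`, and nothing on the line records that this is a deliberate compatibility alias; a comment such as `// kept under the legacy name so already-published extensions keep resolving it` on that line would spare the next reader a git-blame. This object is the extension-facing API surface, so if the renamed helper also changed what it strips or allows (helpers/sanitize is not in this diff, so I cannot tell) that is a silent contract change for third-party extensions and belongs in the release notes alongside the rename. The enclosing `exposeLibraries` arrow function starts outside the hunk.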
@@ -17,11 +17,13 @@
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
+
 import * as React from 'react';
 import Link from '../../../components/common/Link';
 import ClockIcon from '../../../components/icons/ClockIcon';
 import FavoriteIcon from '../../../components/icons/FavoriteIcon';
 import QualifierIcon from '../../../components/icons/QualifierIcon';
+import { SafeHTMLInjection } from '../../../helpers/sanitize';
 import { getComponentOverviewUrl } from '../../../helpers/urls';
 import { ComponentResult } from './utils';
@@ -60,12 +62,9 @@ export default class SearchResult extends React.PureComponent<Props> {
 </span>
 {component.match ? (
- <span
- className="navbar-search-item-match"
- // Safe: comes from the search engine, that injects bold tags into component names
- // eslint-disable-next-line react/no-danger
- dangerouslySetInnerHTML={{ __html: component.match }}
- />
+ <SafeHTMLInjection htmlAsString={component.match}>
+ <span className="navbar-search-item-match" />
+ </SafeHTMLInjection>
 ) : (
 <span className="navbar-search-item-match">{component.name}</span>
 )}
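Review bot: In the second hunk the new `SafeHTMLInjection` wrapper now decides what markup from `component.match` reaches the DOM, but the only test touched by this commit is the shallow snapshot in the third file, which records the wrapper element rather than its sanitized output, so nothing verifies that the highlight still renders or that anything gets stripped. Add a rendering test asserting that a match of `f<mark>o</mark>o` yields a `<mark>` element inside `.navbar-search-item-match` and that a match containing markup outside the allowed set renders without it. The removed `// Safe: comes from the search engine …` comment was the only record of where this string originates; a short JSX comment above the wrapper, e.g. `{/* match text comes from the search engine with highlight tags and is sanitized before injection */}`, preserves that context. The `render` method and the `SearchResult` class both start and end outside the hunk.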
@@ -80,14 +80,13 @@ exports[`renders match 1`] = `
 qualifier="TRK"
 />
 </span>
- <span
- className="navbar-search-item-match"
- dangerouslySetInnerHTML={
- {
- "__html": "f<mark>o</mark>o",
- }
- }
- />
+ <SafeHTMLInjection
+ htmlAsString="f<mark>o</mark>o"
+ >
+ <span
+ className="navbar-search-item-match"
+ />
+ </SafeHTMLInjection>
 </div>
 <div
 className="navbar-search-item-right text-muted-2" |