* fix xss vul #22460

* fix the test and minor changes

---------

Co-authored-by: Sriharsha Chintalapani <harshach@users.noreply.github.com>
Co-authored-by: Ashish Gupta <ashish@getcollate.io>
Sơn Nguyễn Bá 2025-07-22 02:23:47 +07:00 committed by GitHub
parent ddddeaf117
commit 79bd7d2715
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 4 deletions


@ -116,7 +116,7 @@ describe('Feed Utils', () => {
const result = getBackendFormat(message);
// eslint-disable-next-line no-useless-escape
const expectedResult = `<#E::user::\"admin\"|<#E::user::admin|[@admin](http://localhost:3000/users/admin)>> test`;
const expectedResult = `&lt;#E::user::\"admin\"|&lt;#E::user::admin|[@admin](http://localhost:3000/users/admin)&gt;&gt; test`;
expect(result).toStrictEqual(expectedResult);
});
@ -126,7 +126,7 @@ describe('Feed Utils', () => {
const result = getBackendFormat(message);
// eslint-disable-next-line no-useless-escape
const expectedResult = `<#E::user::\"admin.test\"|<#E::user::%22admin.test%22|[@admin.test](http://localhost:3000/users/%22admin.test%22)>> test`;
const expectedResult = `&lt;#E::user::\"admin.test\"|&lt;#E::user::%22admin.test%22|[@admin.test](http://localhost:3000/users/%22admin.test%22)&gt;&gt; test`;
expect(result).toStrictEqual(expectedResult);
});
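Review bot: The updated expectations only pin that the `<` and `>` of the mention markup come back entity-encoded; neither case pushes an actual injection payload through `getBackendFormat`, so a regression that leaves raw `<` on a path the mention replacement never touches would still pass. One extra case per function with a message such as `'<img src=x onerror=alert(1)> @admin test'`, asserting the tag does not survive as markup in the result, would make the fix itself the thing under test. The `// eslint-disable-next-line no-useless-escape` comments can be dropped together with the `\"` escapes, since `\"` and `"` are the same character inside a template literal. The enclosing `describe('Feed Utils')` block starts outside this section.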


@ -78,6 +78,7 @@ import {
getImageWithResolutionAndFallback,
ImageQuality,
} from './ProfilerUtils';
import { getSanitizeContent } from './sanitize.utils';
import { getDecodedFqn, getEncodedFqn } from './StringsUtils';
import { showErrorToast } from './ToastUtils';
@ -329,7 +330,7 @@ export const getBackendFormat = (message: string) => {
updatedMessage = updatedMessage.replaceAll(h, entityLink);
});
return updatedMessage;
return getSanitizeContent(updatedMessage);
};
export const getFrontEndFormat = (message: string) => {
@ -343,7 +344,7 @@ export const getFrontEndFormat = (message: string) => {
updatedMessage = updatedMessage.replaceAll(m, markdownLink);
});
return updatedMessage;
return getSanitizeContent(updatedMessage);
};
export const getUpdatedThread = (id: string) => {
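Review bot: Sanitizing the backend-bound string encodes the `<#E::…>` entity-link markers that `getBackendFormat` has just built via `updatedMessage.replaceAll(h, entityLink)`, as the updated test now expects `&lt;#E::user::admin|…&gt;`. If the server recognises mentions by matching `<#E::…>` literally (not visible here), encoded markers will no longer be detected and mention notifications would stop, so this should be checked against the backend parser before merging. Running the sanitizer in both directions also risks double-encoding: text that went out through `getBackendFormat` and comes back through `getFrontEndFormat` is sanitized twice, turning `&lt;` into `&amp;lt;` unless `getSanitizeContent` is idempotent. A comment on each return stating that requirement would help, e.g. `// getSanitizeContent must be idempotent: stored messages may already have been sanitized on the way out`. The bodies of both `getBackendFormat` and `getFrontEndFormat` start outside these hunks.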