mohiit1502/Automata
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(editor): Fixing XSS vulnerability in toast messages (#10329)

Browse Source 
Co-authored-by: Adi <aditya@netroy.in>
This commit is contained in:
Milorad FIlipović
2024-08-08 16:28:51 +02:00
committed by GitHub
parent b6c47c0e32
commit 38bdd9f5d0
5 changed files with 25 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
packages/editor-ui/src/composables/useToast.ts
View File

@@ -18,7 +18,7 @@ export interface NotificationErrorWithNodeAndDescription extends ApplicationErro
}
const messageDefaults: Partial<Omit<NotificationOptions, 'message'>> = {
dangerouslyUseHTMLString: true,
dangerouslyUseHTMLString: false,
position: 'bottom-right',
};
@@ -32,28 +32,28 @@ export function useToast() {
const i18n = useI18n();
function showMessage(messageData: Partial<NotificationOptions>, track = true) {
messageData = { ...messageDefaults, ...messageData };
const { message, title } = messageData;
const params = { ...messageDefaults, ...messageData };
Object.defineProperty(messageData, 'message', {
value:
typeof messageData.message === 'string'
? sanitizeHtml(messageData.message)
: messageData.message,
writable: true,
enumerable: true,
});
if (typeof message === 'string') {
params.message = sanitizeHtml(message);
}
const notification = Notification(messageData);
if (typeof title === 'string') {
params.title = sanitizeHtml(title);
}
if (messageData.duration === 0) {
const notification = Notification(params);
if (params.duration === 0) {
stickyNotificationQueue.push(notification);
}
if (messageData.type === 'error' && track) {
if (params.type === 'error' && track) {
telemetry.track('Instance FE emitted error', {
error_title: messageData.title,
error_message: messageData.message,
caused_by_credential: causedByCredential(messageData.message as string),
error_title: params.title,
error_message: params.message,
caused_by_credential: causedByCredential(params.message as string),
workflow_id: workflowsStore.workflowId,
});
}
@@ -133,6 +133,7 @@ export function useToast() {
${collapsableDetails(error)}`,
type: 'error',
duration: 0,
dangerouslyUseHTMLString: true,
},
false,
);