

fix(Designer): Prevent HTML editor from allowing DOM-based XSS (#6147)
small fix
Eric-B-Wu authored Nov 19, 2024
1 parent 46f62d3 commit f85d50f
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions libs/designer-ui/src/lib/html/plugins/toolbar/helper/util.ts
Expand Up @@ -126,14 +126,14 @@ export const getDomFromHtmlEditorString = (htmlEditorString: string, nodeMap: Ma
// Comments at the start of a DOM are lost when parsing HTML strings, so we wrap the HTML string in a <div>.
const wrappedHtmlEditorString = `<div>${htmlEditorString}</div>`;

const purifiedHtmlEditorString = DomPurify.sanitize(encodeURIComponent(wrappedHtmlEditorString), { ADD_TAGS: ['#comment'] });
const encodedHtmlEditorString = encodeStringSegmentTokensInDomContext(decodeURIComponent(purifiedHtmlEditorString), nodeMap);
const purifiedHtmlEditorString = DomPurify.sanitize(wrappedHtmlEditorString, { ADD_TAGS: ['#comment'] });
const encodedHtmlEditorString = encodeStringSegmentTokensInDomContext(purifiedHtmlEditorString, nodeMap);

const tempElement = document.createElement('div', {});
tempElement.innerHTML = encodedHtmlEditorString;
const tempElement = document.createElement('div');
tempElement.innerHTML = DomPurify.sanitize(encodedHtmlEditorString);

// Unwrap the wrapper <div>.
return tempElement.children[0] as HTMLElement;
return tempElement.firstElementChild as HTMLElement;
};

export const isAttributeSupportedByHtmlEditor = (tagName: string, attribute: string): boolean => {
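Review bot: The second sanitize pass on the new `tempElement.innerHTML = DomPurify.sanitize(encodedHtmlEditorString);` line runs with DOMPurify's default configuration, which drops comment nodes, so the `ADD_TAGS: ['#comment']` the first pass sets (and the wrapper `<div>` whose stated purpose is to keep leading comments) is likely undone before the string reaches the DOM. If comments are meant to survive, both calls should use the same options, e.g. `tempElement.innerHTML = DomPurify.sanitize(encodedHtmlEditorString, { ADD_TAGS: ['#comment'] });`, ideally hoisted into one shared constant so the two passes cannot drift apart again. Sanitizing a second time after encodeStringSegmentTokensInDomContext is the right defence, since that helper's output is what is actually assigned to innerHTML and the first pass never saw it; a short comment such as `// Re-sanitize: the token-encoding step rewrites the markup, so the first pass does not cover the final string.` would stop a future cleanup from removing the "redundant" call. The enclosing getDomFromHtmlEditorString starts above the hunk; only its closing `};` is visible here.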

