fix: Escape json references #4651

Merged
merged 1 commit into from
Sep 23, 2024

Member

@kyle-ssg kyle-ssg commented Sep 23, 2024

Thanks for submitting a PR! Please check the boxes below:

  • I have added information to docs/ if required so people know about the feature!
  • I have filled in the "Changes" section below?
  • I have filled in the "How did you test this code" section below?
  • I have used a Conventional Commit title for this Pull Request

Changes

JSON references JSON was not HTML escaped; this meant that setting a remote config value of <div>test</div> would render as markup when previewing JSON.

How did you test this code?

image

@kyle-ssg kyle-ssg requested a review from a team as a code owner September 23, 2024 11:14
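
The failure mode described in the Changes section above, as an added example that is not part of this pull request or Flagsmith's code: a JSON preview that builds highlighted HTML, first with values passed through verbatim and then with every token and gap escaped. All function, class and variable names are hypothetical, and the sample input is constructed from the value quoted in the description.

```javascript
// Added example: hypothetical names, not Flagsmith's implementation.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// JSON tokens: strings (optionally followed by ':' when they are keys),
// the literals true/false/null, and numbers.
const TOKEN = /"(?:\\.|[^"\\])*"(\s*:)?|\b(?:true|false|null)\b|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?/g;

function classify(match) {
  if (match[0][0] === '"') return match[1] ? 'key' : 'string';
  return /^[tfn]/.test(match[0]) ? 'literal' : 'number';
}

// Shared walker: wraps each token in a <span>, passing every piece of
// source text through `encode` before it is placed in the HTML string.
function buildPreview(value, encode) {
  const text = JSON.stringify(value, null, 2); // assumes a JSON-serialisable value
  let html = '';
  let last = 0;
  for (const m of text.matchAll(TOKEN)) {
    html += encode(text.slice(last, m.index)); // punctuation and whitespace
    html += `<span class="json-${classify(m)}">${encode(m[0])}</span>`;
    last = m.index + m[0].length;
  }
  return html + encode(text.slice(last));
}

// "Before": values reach the HTML string verbatim, so markup in a value is live.
const renderPreviewUnescaped = (value) => buildPreview(value, (s) => s);

// "After": every token and every gap between tokens is escaped first.
const renderPreviewEscaped = (value) => buildPreview(value, escapeHtml);

// Constructed sample input, using the value quoted in the PR description.
const sample = { banner: '<div>test</div>', enabled: true, retries: 3 };
console.log(renderPreviewUnescaped(sample));
console.log(renderPreviewEscaped(sample));
```

Escaping happens per piece of source text, before the highlighting spans are added, so the only tags in the output are the ones the renderer itself wrote.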

vercel bot commented Sep 23, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| flagsmith-frontend-preview | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Sep 23, 2024 11:14am |
| flagsmith-frontend-staging | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Sep 23, 2024 11:14am |

1 Skipped Deployment

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| docs | ⬜️ Ignored (Inspect) | | | Sep 23, 2024 11:14am |

@kyle-ssg kyle-ssg requested a review from rolodato September 23, 2024 11:14
@github-actions github-actions bot added the front-end Issue related to the React Front End Dashboard label Sep 23, 2024
@kyle-ssg kyle-ssg linked an issue Sep 23, 2024 that may be closed by this pull request
@github-actions github-actions bot added the fix label Sep 23, 2024
Contributor

github-actions bot commented Sep 23, 2024

Docker builds report

| Image | Build Status | Security report |
| --- | --- | --- |
| ghcr.io/flagsmith/flagsmith-e2e:pr-4651 | Finished ✅ | Skipped |
| ghcr.io/flagsmith/flagsmith-api-test:pr-4651 | Finished ✅ | Skipped |
| ghcr.io/flagsmith/flagsmith-private-cloud:pr-4651 | Finished ✅ | Results |
| ghcr.io/flagsmith/flagsmith:pr-4651 | Finished ✅ | Results |
| ghcr.io/flagsmith/flagsmith-frontend:pr-4651 | Finished ✅ | Results |
| ghcr.io/flagsmith/flagsmith-api:pr-4651 | Finished ✅ | Results |

Contributor

github-actions bot commented Sep 23, 2024

Uffizzi Preview deployment-56537 was deleted.

@khvn26 khvn26 added the security Security updates label Sep 23, 2024
@kyle-ssg kyle-ssg added this pull request to the merge queue Sep 23, 2024
Merged via the queue into main with commit 2780aa8 Sep 23, 2024
32 checks passed
@kyle-ssg kyle-ssg deleted the fix/escape-json-references branch September 23, 2024 17:54
Labels
fix front-end Issue related to the React Front End Dashboard security Security updates
Development

Successfully merging this pull request may close these issues.

Ensure XSS sanitisation/validation for JSON previews