maxreichmann
Member

Since messageDetails without URLs may contain user input, they have to be encoded too.
Follow-up of discussion of #765.

JIRA: CPOUI5FOUNDATION-1061
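
One way to apply the rule stated in this description, shown as an added example that is not the code of this pull request: split messageDetails into URL and non-URL parts and HTML-encode both before building markup. The function names, the URL pattern and the sample strings are assumptions made for illustration.

```javascript
// Added example (hypothetical names, not the project's implementation).
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that are significant in HTML text and
// in quoted attribute values.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumption: only absolute http(s) URLs become links. The pattern stops at
// whitespace, angle brackets and quotes, so those never end up inside a URL.
const URL_PATTERN = /https?:\/\/[^\s<>"']+/g;

function renderMessageDetails(messageDetails) {
  const input = String(messageDetails);
  let html = "";
  let lastIndex = 0;
  for (const match of input.matchAll(URL_PATTERN)) {
    // Text in front of the URL may contain user input: encode it.
    html += encodeHtml(input.slice(lastIndex, match.index));
    // The URL is encoded too, for the href attribute and for the link text.
    const url = encodeHtml(match[0]);
    html += `<a href="${url}" target="_blank" rel="noopener noreferrer">${url}</a>`;
    lastIndex = match.index + match[0].length;
  }
  // Trailing text, or the whole string when it contains no URL at all.
  html += encodeHtml(input.slice(lastIndex));
  return html;
}

// Constructed sample inputs: one without a URL, one with a URL and markup.
const samples = [
  'Property "<img src=x onerror=alert(1)>" is deprecated',
  "See https://example.com/api?a=1&b=2 for <details>",
];
for (const sample of samples) {
  console.log(renderMessageDetails(sample));
}
```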

@maxreichmann maxreichmann marked this pull request as draft July 14, 2025 10:56
@maxreichmann
Member Author

Converted to draft for now, needs further refactoring regarding messageDetails with user input and URLs.

@coveralls

coveralls commented Jul 14, 2025

Coverage Status

coverage: 86.615% (+0.009%) from 86.606%
when pulling f4b8948 on refactor-html-xss-escape-msgdetails
into 01c8197 on main.

@maxreichmann maxreichmann marked this pull request as ready for review July 14, 2025 14:55
@maxreichmann maxreichmann changed the title from "refactor(HTML XSS): Encode messageDetails without URLs too" to "refactor(HTML XSS): Encode every part of messageDetails" Jul 14, 2025
@maxreichmann maxreichmann requested review from RandomByte and a team July 14, 2025 14:58
Member

@matz3 matz3 left a comment

LGTM

@RandomByte RandomByte changed the title from "refactor(HTML XSS): Encode every part of messageDetails" to "refactor(HTML): Encode every part of messageDetails" Jul 15, 2025
Member

@RandomByte RandomByte left a comment

LGTM!

@maxreichmann maxreichmann merged commit f54b79e into main Jul 15, 2025
19 checks passed
@maxreichmann maxreichmann deleted the refactor-html-xss-escape-msgdetails branch July 15, 2025 07:59

4 participants