Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sanitize entities when building HTML #9

Closed
barmac opened this issue Jun 14, 2019 · 1 comment · Fixed by #10

Comments

@barmac
Copy link
Member

commented Jun 14, 2019

Description

We do not properly sanitize entities (labels, ...) we build the properties panel UI from. This leads to UI bugs or script injection in the worst case.

Expected Behavior

We properly sanitize user input in all places where it is being used to build the properties panel.

Additional Context

Original issue: bpmn-io/bpmn-js-properties-panel#296

@nikku nikku referenced this issue Jun 14, 2019
4 of 4 tasks complete
barmac added a commit that referenced this issue Jun 14, 2019

@wuffle-app wuffle-app bot added in progress and removed backlog labels Jun 14, 2019

barmac added a commit that referenced this issue Jun 14, 2019

@wuffle-app wuffle-app bot added needs review and removed in progress labels Jun 14, 2019

barmac added a commit that referenced this issue Jun 14, 2019
barmac added a commit that referenced this issue Jun 17, 2019
barmac added a commit that referenced this issue Jun 17, 2019
barmac added a commit that referenced this issue Jun 17, 2019
barmac added a commit that referenced this issue Jun 17, 2019

@nikku nikku closed this in #10 Jun 21, 2019

@wuffle-app wuffle-app bot removed the needs review label Jun 21, 2019

@nikku

This comment has been minimized.

Copy link
Member

commented Jun 21, 2019

Released as v0.3.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.