CHEF-9731 validation for preventing special character in html tags #8355
Merged: anees-progress merged 2 commits into security-fixes-2 from Vinay/prevent-html-tags-2850 on Jan 30, 2024
Signed-off-by: vinay sharma <vsharma@chef.io>
Signed-off-by: vinay sharma <vsharma@chef.io>
vkarve-chef changed the title from "validation for preventing special character in html tags" to "CHEF-9731 validation for preventing special character in html tags" on Feb 1, 2024
anees-progress pushed a commit that referenced this pull request on Feb 28, 2024

* prevent html tags or special characters for infrastructure details tags
Signed-off-by: vinay sharma <vsharma@chef.io>
* disable add tags button on error time
Signed-off-by: vinay sharma <vsharma@chef.io>
---------
Signed-off-by: vinay sharma <vsharma@chef.io>
Dmaddu pushed a commit that referenced this pull request on Feb 28, 2024

* updated express package version (#8337)
Signed-off-by: Ghanavishmathi-Macharla <gmacharl@progress.com>
* fixed ansi regex dependabot security issues for automate ui and chef … (#8336)
* fixed ansi regex dependabot security issues for automate ui and chef ui library
Signed-off-by: vinay sharma <vsharma@chef.io>
* added ansi regex inside dependencies for automate ui and chef ui library
Signed-off-by: vinay sharma <vsharma@chef.io>
* remove package from main dependencies
Signed-off-by: vinay sharma <vsharma@chef.io>
---------
Signed-off-by: vinay sharma <vsharma@chef.io>
* Moved protractor from dependencies to devDependencies (#8330)
Signed-off-by: AadeshNichite <anichite@progress.com>
* Chef 8161 remove package lock.json from automate UI (#8315)
* CHEF-8161: Updated package-lock with latest
Signed-off-by: anees-progress <aushaik@progress.com>
* removed not needed changes
Signed-off-by: anees-progress <aushaik@progress.com>
* Updated package-loc
Signed-off-by: anees-progress <aushaik@progress.com>
* Added chef-ui bug fixes
Signed-off-by: anees-progress <aushaik@progress.com>
* CHEF-8161: Updated Nodejs and Fixed issues
Signed-off-by: anees-progress <aushaik@progress.com>
* Updated nodejs version
Signed-off-by: anees-progress <aushaik@progress.com>
---------
Signed-off-by: anees-progress <aushaik@progress.com>
Signed-off-by: Sunanda-Boorla <sboorla@progress.com>
Signed-off-by: AadeshNichite <anichite@progress.com>
Co-authored-by: Vikram Karve <85881329+vkarve-chef@users.noreply.github.com>
Co-authored-by: Sunanda Boorla <101619541+Sunanda-Boorla@users.noreply.github.com>
Co-authored-by: AadeshNichite <anichite@progress.com>
* Updated marked version (#8351)
* Updated marked version
Signed-off-by: Sunanda-Boorla <Sunanda.Boorla@progress.com>
* validation for preventing special character in html tags (#8355)
* prevent html tags or special characters for infrastructure details tags
Signed-off-by: vinay sharma <vsharma@chef.io>
* disable add tags button on error time
Signed-off-by: vinay sharma <vsharma@chef.io>
---------
Signed-off-by: vinay sharma <vsharma@chef.io>
* Updated Pendo init changes (#8357)
Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: arunjn <arunjn@gmail.com>
* Arun/pendo init changes (#8358)
* Updated Pendo init changes
Signed-off-by: arunjn <arunjn@gmail.com>
* Fixed build error
Signed-off-by: arunjn <arunjn@gmail.com>
---------
Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: arunjn <arunjn@gmail.com>
* Arun/pendo init changes (#8363)
* Updated Pendo init changes
Signed-off-by: arunjn <arunjn@gmail.com>
* Fixed build error
Signed-off-by: arunjn <arunjn@gmail.com>
* Corrected usage data attribute for Pendo
Signed-off-by: arunjn <arunjn@gmail.com>
* Corrected usage data attribute for Pendo
Signed-off-by: arunjn <arunjn@gmail.com>
---------
Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: arunjn <arunjn@gmail.com>
* updated the package-lock
Signed-off-by: anees-progress <aushaik@progress.com>
* Updated attribute names for Pendo init
Signed-off-by: arunjn <arunjn@gmail.com>
---------
Signed-off-by: Ghanavishmathi-Macharla <gmacharl@progress.com>
Signed-off-by: vinay sharma <vsharma@chef.io>
Signed-off-by: AadeshNichite <anichite@progress.com>
Signed-off-by: anees-progress <aushaik@progress.com>
Signed-off-by: Sunanda-Boorla <sboorla@progress.com>
Signed-off-by: Sunanda-Boorla <Sunanda.Boorla@progress.com>
Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: Ghanavishmathi-Macharla <146057791+Ghanavishmathi-Macharla@users.noreply.github.com>
Co-authored-by: vinay sharma <vsharma@chef.io>
Co-authored-by: AadeshNichite <anichite@progress.com>
Co-authored-by: Vikram Karve <85881329+vkarve-chef@users.noreply.github.com>
Co-authored-by: Sunanda Boorla <101619541+Sunanda-Boorla@users.noreply.github.com>
Co-authored-by: arunjn-progress <111877020+arunjn-progress@users.noreply.github.com>
Co-authored-by: arunjn <arunjn@gmail.com>
swatiganesh pushed a commit that referenced this pull request on Apr 16, 2024

* updated express package version (#8337)
Signed-off-by: Ghanavishmathi-Macharla <gmacharl@progress.com>
* fixed ansi regex dependabot security issues for automate ui and chef … (#8336)
* fixed ansi regex dependabot security issues for automate ui and chef ui library
Signed-off-by: vinay sharma <vsharma@chef.io>
* added ansi regex inside dependencies for automate ui and chef ui library
Signed-off-by: vinay sharma <vsharma@chef.io>
* remove package from main dependencies
Signed-off-by: vinay sharma <vsharma@chef.io>
---------
Signed-off-by: vinay sharma <vsharma@chef.io>
* Moved protractor from dependencies to devDependencies (#8330)
Signed-off-by: AadeshNichite <anichite@progress.com>
* Chef 8161 remove package lock.json from automate UI (#8315)
* CHEF-8161: Updated package-lock with latest
Signed-off-by: anees-progress <aushaik@progress.com>
* removed not needed changes
Signed-off-by: anees-progress <aushaik@progress.com>
* Updated package-loc
Signed-off-by: anees-progress <aushaik@progress.com>
* Added chef-ui bug fixes
Signed-off-by: anees-progress <aushaik@progress.com>
* CHEF-8161: Updated Nodejs and Fixed issues
Signed-off-by: anees-progress <aushaik@progress.com>
* Updated nodejs version
Signed-off-by: anees-progress <aushaik@progress.com>
---------
Signed-off-by: anees-progress <aushaik@progress.com>
Signed-off-by: Sunanda-Boorla <sboorla@progress.com>
Signed-off-by: AadeshNichite <anichite@progress.com>
Co-authored-by: Vikram Karve <85881329+vkarve-chef@users.noreply.github.com>
Co-authored-by: Sunanda Boorla <101619541+Sunanda-Boorla@users.noreply.github.com>
Co-authored-by: AadeshNichite <anichite@progress.com>
* Updated marked version (#8351)
* Updated marked version
Signed-off-by: Sunanda-Boorla <Sunanda.Boorla@progress.com>
* validation for preventing special character in html tags (#8355)
* prevent html tags or special characters for infrastructure details tags
Signed-off-by: vinay sharma <vsharma@chef.io>
* disable add tags button on error time
Signed-off-by: vinay sharma <vsharma@chef.io>
---------
Signed-off-by: vinay sharma <vsharma@chef.io>
* Updated Pendo init changes (#8357)
Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: arunjn <arunjn@gmail.com>
* Arun/pendo init changes (#8358)
* Updated Pendo init changes
Signed-off-by: arunjn <arunjn@gmail.com>
* Fixed build error
Signed-off-by: arunjn <arunjn@gmail.com>
---------
Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: arunjn <arunjn@gmail.com>
* Arun/pendo init changes (#8363)
* Updated Pendo init changes
Signed-off-by: arunjn <arunjn@gmail.com>
* Fixed build error
Signed-off-by: arunjn <arunjn@gmail.com>
* Corrected usage data attribute for Pendo
Signed-off-by: arunjn <arunjn@gmail.com>
* Corrected usage data attribute for Pendo
Signed-off-by: arunjn <arunjn@gmail.com>
---------
Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: arunjn <arunjn@gmail.com>
* updated the package-lock
Signed-off-by: anees-progress <aushaik@progress.com>
* Updated attribute names for Pendo init
Signed-off-by: arunjn <arunjn@gmail.com>
---------
Signed-off-by: Ghanavishmathi-Macharla <gmacharl@progress.com>
Signed-off-by: vinay sharma <vsharma@chef.io>
Signed-off-by: AadeshNichite <anichite@progress.com>
Signed-off-by: anees-progress <aushaik@progress.com>
Signed-off-by: Sunanda-Boorla <sboorla@progress.com>
Signed-off-by: Sunanda-Boorla <Sunanda.Boorla@progress.com>
Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: Ghanavishmathi-Macharla <146057791+Ghanavishmathi-Macharla@users.noreply.github.com>
Co-authored-by: vinay sharma <vsharma@chef.io>
Co-authored-by: AadeshNichite <anichite@progress.com>
Co-authored-by: Vikram Karve <85881329+vkarve-chef@users.noreply.github.com>
Co-authored-by: Sunanda Boorla <101619541+Sunanda-Boorla@users.noreply.github.com>
Co-authored-by: arunjn-progress <111877020+arunjn-progress@users.noreply.github.com>
Co-authored-by: arunjn <arunjn@gmail.com>
🔩 Description: What code changed, and why?
We can insert HTML tags and links as chef tags, and chef tags also accept special characters and value input, meaning there is no proper whitelisting and input value validation.
⛓️ Related Resources
👍 Definition of Done
https://chefio.atlassian.net/browse/CHEF-9731
👟 How to Build and Test the Change
✅ Checklist
All PRs must tick these:
With occasional exceptions, all PRs from Progress employees must tick these:
make spell in any component directory)
All PRs from Progress employees should tick these if appropriate:
Please add a note next to any checkbox above if you are NOT ticking it.
📷 Screenshots, if applicable
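
The description above reports that tag input accepted HTML markup and special characters, and the commits add validation and disable the add-tags button while the input is in error. The following is an added example of that kind of allowlist check, not code from this pull request; the function names, the comma-separated input format, the allowed character set and the length limit are all assumptions.

```typescript
// Added example: allowlist validation for tag input. All names, the character
// set and the length limit are assumptions, not taken from the Automate code.
interface TagCheck {
  tag: string;
  error: string | null;
}

interface TagInputState {
  checks: TagCheck[];   // one result per comma-separated entry
  accepted: string[];   // de-duplicated tags, empty if any entry failed
  addDisabled: boolean; // bind to the "add tags" button's disabled state
}

const MAX_TAG_LENGTH = 64; // assumed limit
// Allowlist, not denylist: anything outside this set is rejected, which covers
// "<", ">", "&", quotes, whitespace, control and full-width characters alike.
const TAG_PATTERN = /^[A-Za-z0-9][A-Za-z0-9_.-]*$/;

function checkTag(raw: string): TagCheck {
  const tag = raw.trim();
  if (tag.length === 0) return { tag: tag, error: "empty tag" };
  if (tag.length > MAX_TAG_LENGTH) return { tag: tag, error: "tag too long" };
  if (!TAG_PATTERN.test(tag)) {
    return { tag: tag, error: "only letters, digits, '_', '-' and '.' allowed" };
  }
  return { tag: tag, error: null };
}

function validateTagInput(input: string): TagInputState {
  const checks = input.split(",").map(checkTag);
  const hasError = checks.some(function (c) { return c.error !== null; });
  const accepted: string[] = [];
  if (!hasError) {
    checks.forEach(function (c) {
      if (accepted.indexOf(c.tag) === -1) accepted.push(c.tag);
    });
  }
  return { checks: checks, accepted: accepted, addDisabled: hasError };
}

// Client-side checks can be bypassed, so also encode tag text wherever it is
// written into HTML.
function escapeHtml(s: string): string {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}
```

The same pattern and limits belong on the API that stores the tags, since a browser-side check only constrains requests that come through the form.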