CHEF-9731 validation for preventing special character in html tags #8355

Merged
merged 2 commits into from
Jan 30, 2024

vinay033
Collaborator

@vinay033 vinay033 commented Jan 30, 2024

🔩 Description: What code changed, and why?

We can insert HTML tags and links as chef tags, and the chef tag also accepts special characters and value input, meaning there is no proper whitelisting or input value validation.

⛓️ Related Resources

👍 Definition of Done

https://chefio.atlassian.net/browse/CHEF-9731

👟 How to Build and Test the Change

✅ Checklist

All PRs must tick these:

With occasional exceptions, all PRs from Progress employees must tick these:

  • Is the code clear? (complicated code or lots of comments--subdivide and use well-named methods, meaningful variable names, etc.)
  • Consistency checked? (user notifications, user prompts, visual patterns, code patterns, variable names)
  • Repeated code blocks eliminated? (adapt and reuse existing components, blocks, functions, etc.)
  • Spelling, grammar, typos checked? (at a minimum use make spell in any component directory)
  • Code well-formatted? (indents, line breaks, etc. improve rather than hinder readability)

All PRs from Progress employees should tick these if appropriate:

  • Tests added/updated? (all new code needs new tests)
  • Docs added/updated? (all customer-facing changes)

Please add a note next to any checkbox above if you are NOT ticking it.

📷 Screenshots, if applicable

Signed-off-by: vinay sharma <vsharma@chef.io>
@vinay033 vinay033 self-assigned this Jan 30, 2024
@anees-progress anees-progress merged commit 7176347 into security-fixes-2 Jan 30, 2024
2 of 4 checks passed
@anees-progress anees-progress deleted the Vinay/prevent-html-tags-2850 branch January 30, 2024 06:34
@vkarve-chef vkarve-chef changed the title validation for preventing special character in html tags CHEF-9731 validation for preventing special character in html tags Feb 1, 2024
anees-progress pushed a commit that referenced this pull request Feb 28, 2024
* prevent html tags or special characters for infrastructure details tags

Signed-off-by: vinay sharma <vsharma@chef.io>

* disable add tags button on error time

Signed-off-by: vinay sharma <vsharma@chef.io>

---------

Signed-off-by: vinay sharma <vsharma@chef.io>
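
The two changes named above (rejecting HTML tags or special characters in tag input, and disabling the add button while the input is in error) can be sketched as an allowlist check. This is an added example, not code from this PR or from the Chef Automate code base. The names `TAG_PATTERN`, `checkTagInput`, `escapeHtml` and `errorMessage`, the permitted character set, the 64-character limit and the comma-separated input format are all assumptions.

```typescript
// Assumed allowlist (not from the PR): letters, digits, '_', '.', ':', '-'; 1 to 64 chars.
const TAG_PATTERN = /^[A-Za-z0-9_.:-]{1,64}$/;

interface TagCheck {
  accepted: string[];  // entries that matched the allowlist
  rejected: string[];  // entries that did not, kept for the error message
  canSubmit: boolean;  // drives the disabled state of the "add tags" button
}

// Split a comma-separated input (assumed format) and test every entry.
function checkTagInput(raw: string): TagCheck {
  const accepted: string[] = [];
  const rejected: string[] = [];
  for (const piece of raw.split(',')) {
    const tag = piece.trim();
    if (tag.length === 0) continue;            // skip empty entries such as "a,,b"
    if (!TAG_PATTERN.test(tag)) {
      rejected.push(tag);
    } else if (accepted.indexOf(tag) === -1) {
      accepted.push(tag);                      // de-duplicate, keep input order
    }
  }
  // One bad entry blocks the whole submission; nothing is silently "cleaned".
  return { accepted, rejected, canSubmit: rejected.length === 0 && accepted.length > 0 };
}

// Rejected text is echoed back in the error message, so encode it for display.
function escapeHtml(text: string): string {
  const map: Record<string, string> = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

function errorMessage(check: TagCheck): string {
  if (check.rejected.length === 0) return '';
  return 'Invalid tag(s): ' + check.rejected.map(escapeHtml).join(', ');
}

// Constructed sample inputs, not taken from the PR.
for (const sample of ['env:prod, db-01', '<b>web</b>, db-01', 'team a', '']) {
  const result = checkTagInput(sample);
  console.log(JSON.stringify(sample), result.canSubmit, errorMessage(result));
}
```

A client-side check like this only improves the form's behaviour; the same allowlist has to be enforced by the API that stores the tags, and stored tags still need output encoding wherever they are rendered.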
Dmaddu pushed a commit that referenced this pull request Feb 28, 2024
* updated express package version (#8337)

Signed-off-by: Ghanavishmathi-Macharla <gmacharl@progress.com>

* fixed ansi regex dependabot security issues for automate ui and chef … (#8336)

* fixed ansi regex dependabot security issues for automate ui and chef ui library

Signed-off-by: vinay sharma <vsharma@chef.io>

* added ansi regex inside dependencies for automate ui and chef ui library

Signed-off-by: vinay sharma <vsharma@chef.io>

* remove package from main dependencies

Signed-off-by: vinay sharma <vsharma@chef.io>

---------

Signed-off-by: vinay sharma <vsharma@chef.io>

* Moved protractor from dependencies to devDependencies (#8330)

Signed-off-by: AadeshNichite <anichite@progress.com>

* Chef 8161 remove package lock.json from automate UI (#8315)

* CHEF-8161: Updated package-lock with latest

Signed-off-by: anees-progress <aushaik@progress.com>

* removed not needed changes

Signed-off-by: anees-progress <aushaik@progress.com>

* Updated package-loc

Signed-off-by: anees-progress <aushaik@progress.com>

* Added chef-ui bug fixes

Signed-off-by: anees-progress <aushaik@progress.com>

* CHEF-8161: Updated Nodejs and Fixed issues

Signed-off-by: anees-progress <aushaik@progress.com>

* Updated nodejs version

Signed-off-by: anees-progress <aushaik@progress.com>

---------

Signed-off-by: anees-progress <aushaik@progress.com>
Signed-off-by: Sunanda-Boorla <sboorla@progress.com>
Signed-off-by: AadeshNichite <anichite@progress.com>
Co-authored-by: Vikram Karve <85881329+vkarve-chef@users.noreply.github.com>
Co-authored-by: Sunanda Boorla <101619541+Sunanda-Boorla@users.noreply.github.com>
Co-authored-by: AadeshNichite <anichite@progress.com>

* Updated marked version (#8351)

* Updated marked version

Signed-off-by: Sunanda-Boorla <Sunanda.Boorla@progress.com>

* validation for preventing special character in html tags  (#8355)

* prevent html tags or special characters for infrastructure details tags

Signed-off-by: vinay sharma <vsharma@chef.io>

* disable add tags button on error time

Signed-off-by: vinay sharma <vsharma@chef.io>

---------

Signed-off-by: vinay sharma <vsharma@chef.io>

* Updated Pendo init changes (#8357)

Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: arunjn <arunjn@gmail.com>

* Arun/pendo init changes (#8358)

* Updated Pendo init changes

Signed-off-by: arunjn <arunjn@gmail.com>

* Fixed build error

Signed-off-by: arunjn <arunjn@gmail.com>

---------

Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: arunjn <arunjn@gmail.com>

* Arun/pendo init changes (#8363)

* Updated Pendo init changes

Signed-off-by: arunjn <arunjn@gmail.com>

* Fixed build error

Signed-off-by: arunjn <arunjn@gmail.com>

* Corrected usage data attribute for Pendo

Signed-off-by: arunjn <arunjn@gmail.com>

* Corrected usage data attribute for Pendo

Signed-off-by: arunjn <arunjn@gmail.com>

---------

Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: arunjn <arunjn@gmail.com>

* updated the package-lock

Signed-off-by: anees-progress <aushaik@progress.com>

* Updated attribute names for Pendo init

Signed-off-by: arunjn <arunjn@gmail.com>

---------

Signed-off-by: Ghanavishmathi-Macharla <gmacharl@progress.com>
Signed-off-by: vinay sharma <vsharma@chef.io>
Signed-off-by: AadeshNichite <anichite@progress.com>
Signed-off-by: anees-progress <aushaik@progress.com>
Signed-off-by: Sunanda-Boorla <sboorla@progress.com>
Signed-off-by: Sunanda-Boorla <Sunanda.Boorla@progress.com>
Signed-off-by: arunjn <arunjn@gmail.com>
Co-authored-by: Ghanavishmathi-Macharla <146057791+Ghanavishmathi-Macharla@users.noreply.github.com>
Co-authored-by: vinay sharma <vsharma@chef.io>
Co-authored-by: AadeshNichite <anichite@progress.com>
Co-authored-by: Vikram Karve <85881329+vkarve-chef@users.noreply.github.com>
Co-authored-by: Sunanda Boorla <101619541+Sunanda-Boorla@users.noreply.github.com>
Co-authored-by: arunjn-progress <111877020+arunjn-progress@users.noreply.github.com>
Co-authored-by: arunjn <arunjn@gmail.com>
swatiganesh pushed a commit that referenced this pull request Apr 16, 2024