Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SVG: Add dompurify preprocessor step #62143

Merged
merged 2 commits into from
Jan 25, 2023
Merged

SVG: Add dompurify preprocessor step #62143

merged 2 commits into from
Jan 25, 2023

Conversation

nmarrs
Copy link
Contributor

@nmarrs nmarrs commented Jan 25, 2023
edited by ryantxu
Loading

What is this feature?

Use dompurify to sanitize all svgs

@nmarrs nmarrs added area/security backport v8.5.x Mark PR for automatic backport to v8.5.x no-changelog Skip including change in changelog/release notes backport v9.2.x Mark PR for automatic backport to v9.2.x backport v9.3.x labels Jan 25, 2023
@nmarrs nmarrs added this to the 9.3.5 milestone Jan 25, 2023
@nmarrs nmarrs requested review from a team January 25, 2023 16:53
@nmarrs nmarrs self-assigned this Jan 25, 2023
@nmarrs nmarrs requested a review from a team January 25, 2023 16:53
@nmarrs nmarrs requested review from a team as code owners January 25, 2023 16:53
@nmarrs nmarrs requested review from a team, ashharrison90, JoaoSilvaGrafana, mckn, oscarkilhed and baldm0mma and removed request for a team, ashharrison90, JoaoSilvaGrafana, mckn and oscarkilhed January 25, 2023 16:53
@nmarrs nmarrs removed request for a team, academo and zoltanbedi January 25, 2023 16:54
@grafana grafana deleted a comment from grafanabot Jan 25, 2023
@ryantxu ryantxu added the product-approved Pull requests that are approved by product/managers and are allowed to be backported label Jan 25, 2023
@grafana grafana deleted a comment from grafanabot Jan 25, 2023
@grafana grafana deleted a comment from grafanabot Jan 25, 2023
@nmarrs nmarrs merged commit 8b574e2 into main Jan 25, 2023
@nmarrs nmarrs deleted the svg-xss-security-fix branch January 25, 2023 18:37
@grafanabot
Copy link
Contributor

The backport to v8.5.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-62143-to-v8.5.x origin/v8.5.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 8b574e22b53aa4c5a35032a58844fd4aaaa12f5f
# Push it to GitHub
git push --set-upstream origin backport-62143-to-v8.5.x
git switch main
# Remove the local backport branch
git branch -D backport-62143-to-v8.5.x

Then, create a pull request where the base branch is v8.5.x and the compare/head branch is backport-62143-to-v8.5.x.

@grafanabot grafanabot added the backport-failed Failed to generate backport PR. Please resolve conflicts and create one manually. label Jan 25, 2023
@grafanabot
Copy link
Contributor

The backport to v9.2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-62143-to-v9.2.x origin/v9.2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 8b574e22b53aa4c5a35032a58844fd4aaaa12f5f
# Push it to GitHub
git push --set-upstream origin backport-62143-to-v9.2.x
git switch main
# Remove the local backport branch
git branch -D backport-62143-to-v9.2.x

Then, create a pull request where the base branch is v9.2.x and the compare/head branch is backport-62143-to-v9.2.x.

@grafanabot
Copy link
Contributor

The backport to v9.3.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-62143-to-v9.3.x origin/v9.3.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 8b574e22b53aa4c5a35032a58844fd4aaaa12f5f
# Push it to GitHub
git push --set-upstream origin backport-62143-to-v9.3.x
git switch main
# Remove the local backport branch
git branch -D backport-62143-to-v9.3.x

Then, create a pull request where the base branch is v9.3.x and the compare/head branch is backport-62143-to-v9.3.x.

nmarrs added a commit that referenced this pull request Jan 25, 2023
@nmarrs
SVG: Add dompurify preprocessor step (#62143)
306d082 
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
(cherry picked from commit 8b574e2)
@nmarrs nmarrs mentioned this pull request Jan 25, 2023
Merged
nmarrs added a commit that referenced this pull request Jan 25, 2023
@nmarrs
SVG: Add dompurify preprocessor step (#62143)
3462a4c 
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
(cherry picked from commit 8b574e2)
@nmarrs nmarrs mentioned this pull request Jan 25, 2023
Merged
baldm0mma pushed a commit that referenced this pull request Jan 26, 2023
@nmarrs @ryantxu @baldm0mma
SVG: Add dompurify preprocessor step (#62143)
2be700c 
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ryantxu ryantxu ryantxu approved these changes

@adela-almasan adela-almasan adela-almasan approved these changes

Assignees

@nmarrs nmarrs

Labels
area/frontend area/security backport v8.5.x Mark PR for automatic backport to v8.5.x backport v9.2.x Mark PR for automatic backport to v9.2.x backport v9.3.x backport-failed Failed to generate backport PR. Please resolve conflicts and create one manually. enterprise-ok no-changelog Skip including change in changelog/release notes product-approved Pull requests that are approved by product/managers and are allowed to be backported
Projects
None yet
Milestone
9.3.6
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@nmarrs @grafanabot @ryantxu @adela-almasan