bugfix: Fix html special chars #1010
Conversation
|
This pull request is automatically deployed with Now. |
|
@yogeshsuhagiya I remade this PR for you. Please take over it for now. You should fill out the sections that are missing content in the PR description such as "Motivation and Context" and "How has this been tested". Providing this information makes it easier for us to understand your changes. Without it we will likely push this to the bottom of the stack and prioritize other issues that have more detail. |
| @@ -73,7 +73,7 @@ class GalleryItem extends Component { | |||
| {this.renderImage()} | |||
| </Link> | |||
| <Link to={resourceUrl(productLink)} className={classes.name}> | |||
| <span>{name}</span> | |||
| <span dangerouslySetInnerHTML={{ __html: name }} /> | |||
There was a problem hiding this comment.
This is not the right approach. It's a vector for XSS, and it doesn't reflect the purpose of this node (name should be a utf-8 string, not HTML).
There was a problem hiding this comment.
We could probably close this PR and the associated issue then, right? Seems like it isn't a real bug if the data should be a utf-8 string already.
|
Product names should be Even if that weren't the case, though, we shouldn't just render database content as raw HTML, since that's what enables XSS. (If there are any other places in the app where that's happening, we should fix them.) |
Recreated based on #985.
Description
Fixed HTML special characters issue for the product name on the category page and product view page.
Related Issue
Closes #984
Motivation and Context
How Has This Been Tested?
Screenshots (if appropriate):
Proposed Labels for Change Type/Package
Checklist: