fix(core): Sanitize confirmation modal body (#7407)

spinnaker · Sep 18, 2019 · 68cc18f · 68cc18f
1 parent f8267a4
commit 68cc18f
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/app/scripts/modules/core/src/confirmationModal/confirmationModal.service.ts b/app/scripts/modules/core/src/confirmationModal/confirmationModal.service.ts
@@ -1,4 +1,5 @@
 import { module } from 'angular';
+import * as DOMPurify from 'dompurify';
 import { IModalService, IModalSettings } from 'angular-ui-bootstrap';
 
 export interface IConfirmationModalParams {
@@ -38,7 +39,7 @@ export class ConfirmationModalService {
     const extendedParams: IConfirmationModalParams = { ...this.defaults, ...params };
 
     if (extendedParams.body) {
-      extendedParams.body = this.$sce.trustAsHtml(extendedParams.body);
+      extendedParams.body = this.$sce.trustAsHtml(DOMPurify.sanitize(extendedParams.body));
     }
 
     const modalArgs: IModalSettings = {