NPM Resource Changed PR-5.2-dev Pending


Shivam7-1
23 Oct 2024

Summary of Changes

This PR uses Joomla.sanitizeHtml to sanitize all HTML content rendered within the application. This change improves security by preventing XSS (Cross-Site Scripting) vulnerabilities and ensures that user-generated or external HTML is safe. All relevant components have been updated for consistent sanitization, enhancing overall application integrity.

Link to documentations

Please select:

  • Documentation link for docs.joomla.org:

  • No documentation changes for docs.joomla.org needed

  • Pull Request link for manual.joomla.org:

  • No documentation changes for manual.joomla.org needed

Shivam7-1 - open - 23 Oct 2024
Shivam7-1 - change - 23 Oct 2024
Status New Pending
joomla-cms-bot - change - 23 Oct 2024
Category JavaScript Repository NPM Change
Shivam7-1 - change - 23 Oct 2024
The description was changed
Shivam7-1 - edited - 23 Oct 2024
Shivam7-1 - comment - 26 Oct 2024

Hi @dgrammatiko @HLeithner, thanks for the suggestions.

Could you please review this PR?
Thanks

Shivam7-1 - comment - 31 Oct 2024

Hi @dgrammatiko @HLeithner, thanks for the suggestions.

Could anyone from the team please review this PR?
Thanks


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44342.

Shivam7-1 - change - 4 Nov 2024
The description was changed
Shivam7-1 - edited - 4 Nov 2024
Shivam7-1 - comment - 7 Nov 2024

Hi @dgrammatiko @HLeithner, this PR is ready for review.
Could you please take a look when you have time?
Let me know if you have any questions or suggestions.
Thanks!

laoneo - comment - 7 Nov 2024

How can this actually be exploited within the core? Can you provide some testing instructions on how we can reproduce the issue you are trying to fix?

HLeithner - comment - 7 Nov 2024

Pretty sure it's a good idea to sanitize it; we can't guarantee that the server sends us valid and proper data, since it's based on user input (if I read the code correctly, it returns com_finder data).

@Shivam7-1 we need 2 tests to merge this. If someone comes along, tests it and marks it as tested on https://issues.joomla.org, we can merge it.

brianteeman - test_item - 7 Nov 2024 - Tested successfully
brianteeman - comment - 7 Nov 2024

I have tested this item ✅ successfully on 284ee8b

code review



viocassel - test_item - 7 Nov 2024 - Tested successfully
viocassel - comment - 7 Nov 2024

I have tested this item ✅ successfully on 284ee8b



SniperSister - change - 7 Nov 2024
Labels Added: NPM Resource Changed PR-5.2-dev
SniperSister - change - 7 Nov 2024
Status Pending Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2024-11-07 13:29:39
Closed_By SniperSister
SniperSister - close - 7 Nov 2024
SniperSister - merge - 7 Nov 2024
HLeithner - comment - 7 Nov 2024

thanks @Shivam7-1
