
Update debug.es6.js SanitizeHTML DOM Text Interpreted as HTML #44342

Merged
SniperSister merged 2 commits into joomla:5.2-dev from Shivam7-1:patch-3
Nov 7, 2024

Conversation

Shivam7-1 (Contributor) commented Oct 23, 2024

Summary of Changes

In this PR, Joomla.sanitizeHtml is used to sanitize all HTML content rendered within the application. This change improves security by preventing XSS (Cross-Site Scripting) vulnerabilities and ensures that user-generated or external HTML is safe. All relevant components have been updated for consistent sanitization, enhancing overall application integrity.

Link to documentation

Please select:

  • Documentation link for docs.joomla.org:

  • No documentation changes for docs.joomla.org needed

  • Pull Request link for manual.joomla.org:

  • No documentation changes for manual.joomla.org needed

joomla-cms-bot added labels "NPM Resource Changed", "This Pull Request can't be tested by Patchtester" and "PR-5.2-dev" on Oct 23, 2024
Shivam7-1 (Contributor, Author) commented Oct 26, 2024

Hi @dgrammatiko @HLeithner, thanks for the suggestions.

Could you please review this PR?
Thanks

Shivam7-1 (Contributor, Author) commented:

Hi @dgrammatiko @HLeithner, thanks for the suggestions.

Could anyone from the team please review this PR?
Thanks


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44342.

Shivam7-1 (Contributor, Author) commented:

Hi @dgrammatiko @HLeithner, this PR is ready for review.
Could you please take a look when you have time?
Let me know if you have any questions or suggestions.
Thanks!

laoneo (Member) commented Nov 7, 2024

How can this actually be exploited within the core? Can you provide some testing instructions on how we can reproduce the issue you are trying to fix?

HLeithner (Member) commented:

Pretty sure it's a good idea to sanitize it; we can't guarantee that the server sends us valid and proper data, since it's based on user input (if I read the code correctly, it returns com_finder data).

@Shivam7-1 we need 2 tests to merge this; if someone comes along, tests it and marks it as tested on https://issues.joomla.org, we can merge it.
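The pattern the PR summary describes (server-returned text reaching the debug panel as HTML) and HLeithner's point that the com_finder data derives from user input, as an added JavaScript example that is not Joomla's code: the unsafe renderer concatenates the server value straight into markup, the hardened renderer escapes it first. The record shape and the `escapeHtml` helper are assumptions for illustration; the page shows no code of `Joomla.sanitizeHtml`, so a plain escaper stands in for it here.

```javascript
// Added example, not Joomla's code. Models a debug panel rendering one record
// returned by the server; every field of the record is treated as untrusted.

// Constructed sample record: the "query" field carries the kind of string a
// user could type into a search box and that the server echoes back.
const sampleRecord = {
  query: '<img src=x onerror="alert(1)">',
  hits: 3,
};

// Vulnerable pattern: the server value is dropped straight into markup, which
// is what an element.innerHTML assignment does. The browser parses the value
// as HTML, so the img tag and its event handler become live DOM.
function renderUnsafe(record) {
  return `<li><strong>${record.query}</strong> (${record.hits} hits)</li>`;
}

// Escape the five characters that can change the HTML context of a string.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: each server-supplied value is escaped before it is placed
// in markup, so it is displayed as text. In the browser the equivalent is
// building nodes with createElement/textContent, or passing the string through
// an allow-list sanitizer such as the one the PR introduces before assignment.
function renderSafe(record) {
  return `<li><strong>${escapeHtml(record.query)}</strong> (${escapeHtml(record.hits)} hits)</li>`;
}

// Defensive check a test suite can run over rendered output: true when the
// markup still contains a tag other than the two the renderer itself emits.
function leaksRawMarkup(html) {
  const withoutOwnTags = html.replace(/<\/?(li|strong)>/g, '');
  return /<[a-z!/?][^>]*>/i.test(withoutOwnTags);
}
```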

brianteeman (Contributor) commented:

I have tested this item ✅ successfully on 284ee8b

code review


viocassel (Contributor) commented:

I have tested this item ✅ successfully on 284ee8b


SniperSister enabled auto-merge (squash) on November 7, 2024 13:02
SniperSister merged commit 773f7d4 into joomla:5.2-dev on Nov 7, 2024
Quy added this to the Joomla! 5.2.1 milestone on Nov 7, 2024
HLeithner (Member) commented:

thanks @Shivam7-1
