[6.1] Update admin-update-default.es6.js SanitizeHTML DOM Text Interpreted as HTML #44424
Shivam7-1 wants to merge 3 commits into joomla:6.1-dev from
Conversation
build/media_source/com_joomlaupdate/js/admin-update-default.es6.js
…6.js Co-authored-by: Dimitris Grammatikogiannis <dg@dgrammatiko.dev>
Hi reviewers, @dgrammatiko. I understand the concern about using Joomla.sanitizeHtml() without proper configuration. The intent was to sanitize potentially unsafe HTML, but I agree that it could break things when not properly configured for specific elements and their attributes. As a result, I will update the code to use I don't have a specific test case to demonstrate an exploit, but I can explain how the issue could be tested. The potential vulnerability lies in cases where user-provided content, such as input from forms or comments, could be injected into the page and rendered without proper sanitization. I will proceed with the change to
Thank you for creating this PR, however I'm not considering this a bugfix and at this point in time I will only accept bugfixes for 5.2. Please change the PR to be against 5.3-dev. Thank you.
Hi @Hackwar, thanks for reviewing the PR. I have changed this to 5.3-dev.
Hi @Hackwar @dgrammatiko, thanks for reviewing the PR. I have made the changes according to the suggestions; could the team review this PR again?
Ping @dgrammatiko
This pull request has been automatically rebased to 6.0-dev.
Hi @HLeithner, could you please review this PR?
Someone with better JavaScript skills than me should do this; the last PR I merged by you, I had to create my own PR to fix it. So better some of the JS experts should check this.
Hi @HLeithner, thanks for your response. Could you ping anyone who is an expert in this?
Hi @rdeutz, could you please review this PR?
This pull request has been automatically rebased to 6.1-dev. |
Summary of Changes
In this PR, Joomla.sanitizeHtml is used to sanitize all HTML content rendered within the application. This change improves security by preventing XSS (Cross-Site Scripting) vulnerabilities and ensures that user-generated or external HTML is safe. All relevant components have been updated for consistent sanitization, enhancing overall application integrity.
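As an added example, not code from this PR or from Joomla core, the block below shows the distinction the PR title and the review comment turn on: a status message that is meant to be plain text is either interpolated straight into markup (so a browser would parse any tags it contains), escaped before interpolation, or assigned through textContent so the HTML parser is never involved. The function names and the sample message are constructed for illustration; Joomla.sanitizeHtml is deliberately not called, since the review concern was that an allowlist sanitizer without per-element configuration is the wrong tool for text that was never meant to be HTML.

```javascript
// Added example (not from the Joomla PR): the same update message rendered
// three ways, to show DOM text versus HTML interpretation. All names here
// (escapeHtml, renderUnsafe, renderEscaped, renderAsText) are hypothetical.

// Escape the characters that change meaning once text lands inside markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: a message that should be text is dropped into a template
// string that will later be assigned with innerHTML, so any tags inside the
// message are parsed by the browser instead of being displayed.
function renderUnsafe(message) {
  return `<p class="alert">${message}</p>`;
}

// Hardened pattern 1: escape first, then interpolate. The result is still a
// markup string, but the message is shown verbatim rather than parsed.
function renderEscaped(message) {
  return `<p class="alert">${escapeHtml(message)}</p>`;
}

// Hardened pattern 2 (needs a DOM): build the element and set the message via
// textContent. No sanitizer is required because no HTML was ever intended.
function renderAsText(container, message) {
  const p = container.ownerDocument.createElement('p');
  p.className = 'alert';
  p.textContent = message; // treated as text, never as HTML
  container.appendChild(p);
  return p;
}

// Constructed sample: a status message that happens to contain markup.
const SAMPLE_MESSAGE = 'Update to <b>6.1.0</b> failed: see <a href="#">log</a>';
```

In a page script the choice between pattern 1 and pattern 2 is usually decided by whether the surrounding code already builds strings for innerHTML; if it does not, textContent is the simpler and safer default, and it also avoids the configuration burden that an allowlist sanitizer brings.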
Link to documentation
Please select:
Documentation link for docs.joomla.org:
No documentation changes for docs.joomla.org needed
Pull Request link for manual.joomla.org:
No documentation changes for manual.joomla.org needed