Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(core): Use class-validator with XSS check for survey answers #10490

Merged
merged 15 commits into from
Aug 21, 2024
Merged

fix(core): Use class-validator with XSS check for survey answers #10490

merged 15 commits into from
Aug 21, 2024

Conversation

ivov
Copy link
Contributor

@ivov ivov commented Aug 21, 2024

The xss lib in the XSS validator sanitizes string arrays into strings, causing the equality check to fail:

  • Original: [ 'cloud-infrastructure-orchestration', 'ci-cd', 'reporting' ]
  • Sanitized: cloud-infrastructure-orchestration,ci-cd,reporting

This PR adjusts the equality check for arrays.

Follow-up to: https://linear.app/n8n/issue/PAY-1868

@n8n-assistant n8n-assistant bot added core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team labels Aug 21, 2024
tomi
tomi reviewed Aug 21, 2024
View reviewed changes
packages/cli/src/databases/entities/User.ts Outdated Show resolved Hide resolved
packages/cli/src/databases/entities/User.ts Outdated Show resolved Hide resolved
packages/cli/src/requests.ts Outdated Show resolved Hide resolved
packages/cli/src/requests.ts Outdated Show resolved Hide resolved
packages/cli/src/GenericHelpers.ts Outdated Show resolved Hide resolved
@ivov ivov added the release/backport Changes that need to be backported to older releases. label Aug 21, 2024
@ivov ivov changed the title fix(core): Account for arrays in XSS validator fix(core): Use class-validator with XSS check for survey answers Aug 21, 2024
@ivov
Copy link
Contributor Author

ivov commented Aug 21, 2024

Thank you 🙏🏻

@cypress Cypress
Copy link

cypress bot commented Aug 21, 2024


Test summary

413 0 0 0Flakiness 0

Run details
Project n8n
Status Passed
Commit 5e04f7a
Started Aug 21, 2024 2:10 PM
Ended Aug 21, 2024 2:15 PM
Duration 04:57 💡
OS Linux Debian -
Browser Electron 118

View run in Cypress Cloud ➡️

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Cloud

@github-actions GitHub Actions
Copy link
Contributor

✅ All Cypress E2E specs passed

@ivov ivov merged commit 547a606 into master Aug 21, 2024
26 of 27 checks passed
@ivov ivov deleted the fix-xss-arrays-of-strings branch August 21, 2024 14:18
@github-actions github-actions bot mentioned this pull request Aug 21, 2024
Merged
@janober
Copy link
Member

janober commented Aug 21, 2024

Got released with [email protected]

@netroy netroy mentioned this pull request Aug 21, 2024
Closed
MiloradFilipovic added a commit that referenced this pull request Aug 22, 2024
@MiloradFilipovic
Merge branch 'master' into ADO2-74-assistant-store-unit-tests
d71ee57 
* master:
  🚀 Release 1.56.0 (#10502)
  fix(editor): Sending 'Assistant session started event' to posthog (no-changelog) (#10500)
  fix(core): Use class-validator with XSS check for survey answers (#10490)
  fix(editor): Stop telemetry from triggering when initializing workflow in new canvas (no-changelog) (#10492)
  fix(AI Transform Node): Remove prompt as it's already set in ASK AI endpoint (no-changelog) (#10496)
  fix(editor): Prevent unloading when changes are pending in new canvas (no-changelog) (#10474)
  feat(core): Upgrade axios to address CVE-2024-39338 (no-changelog) (#10494)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomi tomi tomi approved these changes

Assignees
No one assigned
Labels
core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team release/backport Changes that need to be backported to older releases. Released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ivov @janober @tomi