XML

Word

Printable

Type: Bug
Resolution: Unresolved
Fix Version/s: None
Affects Version/s: None
Component/s: Editor general

Urgency:
High
Important release notes:
ON RELEASE / ROLL OUT: test availability of new JS files!
ChangeLog Description:
Use a more sophisticated UI lib for HTML sanitising instead just encoding it.
Checklist:

Empty

show more show less

Problem

With several changes to prevent XSS with plain htmlEncode several places where HTML should be allowed in the UI valid HTML is also escaped.

Multiple examples:

The message box toast messages
The rendered comments in the tooltip over the segment grid

solution

Include a more sophisticated UI lib to sanitize HTML instead just escape it.

is duplicated by

TRANSLATE-5154 Escape Html content on rendering

Done

relates to

TRANSLATE-4950 Implement a helper to find XSS vulnerabilities in translate5 and fix found vulnerabilities

Done

Assignee:: Thomas Lauria
Reporter:: Thomas Lauria
Peer developer:: Axel Becher, Sanya Mikhliaiev
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: 4 days ago 09:21
Updated:: 4 days ago 10:17