fix(module:select): fix XSS vulnerabilities #6222

Merged
merged 1 commit into from
Dec 18, 2020

yangjunhan
Contributor

close #6209

PR Checklist

Please check if your PR fulfills the following requirements:

PR Type

What kind of change does this PR introduce?

[x] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Build related changes
[ ] CI related changes
[ ] Documentation content changes
[ ] Application (the showcase website) / infrastructure changes
[ ] Other... Please describe:

What is the current behavior?

Issue Number: #6209

What is the new behavior?

Does this PR introduce a breaking change?

[ ] Yes
[x] No

Other information

zorro-bot bot commented Dec 18, 2020

This preview will be available after the AzureCI is passed.

codecov bot commented Dec 18, 2020

Codecov Report

Merging #6222 (b100d94) into master (47a03e5) will decrease coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #6222      +/-   ##
==========================================
- Coverage   89.86%   89.84%   -0.02%     
==========================================
  Files         477      477              
  Lines       15170    15170              
  Branches     2296     2296              
==========================================
- Hits        13632    13630       -2     
- Misses        943      944       +1     
- Partials      595      596       +1     
| Impacted Files | Coverage Δ |
| --- | --- |
| components/select/select-search.component.ts | 87.23% <100.00%> (ø) |
| components/tabs/tab-nav-bar.component.ts | 82.39% <0.00%> (-0.71%) ⬇️ |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data

hsuanxyz changed the title from "fix(module:select): search prevents html injection" to "fix(module:select): fix XSS vulnerabilities" Dec 18, 2020
hsuanxyz merged commit a393b89 into NG-ZORRO:master Dec 18, 2020
tyzh commented Oct 22, 2021

mirrorDOM.innerHTML = this.renderer.createText(`${inputDOM.value}&nbsp;`);
The result of createText is an object, so this code will cause the innerHTML of mirrorDOM to be '[object Text]'.

The return value of the createText method is an object, so assigning it this way causes the innerHTML of the mirrorDOM element to be [object Text].

Successfully merging this pull request may close these issues.

Security issue in the nz-select component's multiple mode