Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Html parsing #4028

Closed
maxgfr opened this issue Nov 19, 2021 · 0 comments · Fixed by #4030
Closed

[Security] Html parsing #4028

maxgfr opened this issue Nov 19, 2021 · 0 comments · Fixed by #4030
Labels
Tech tâche uniquement technique (développement)

Comments

@maxgfr
Copy link
Member

maxgfr commented Nov 19, 2021
edited
Loading

Description

Le composant générant l'HTML issu des différentes sources de données (vérifiées), utilise une propriété dangerouslySetInnerHTML posant des problèmes de sécurité.

Solution

Il serait intéressant de mettre en place un environnement empêchant l'injection XSS et l'assainissement (sanitize) de l'HTML

Pistes
@maxgfr maxgfr added the Tech tâche uniquement technique (développement) label Nov 19, 2021
@maxgfr maxgfr mentioned this issue Nov 19, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Tech tâche uniquement technique (développement)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(frontend): security XSS / image tag SocialGouv/code-du-travail-numerique
1 participant
@maxgfr