
fix(editor): Fix xss issues in toast usages #10733

Merged: 3 commits, Sep 9, 2024

Conversation

@tomi (Contributor) commented Sep 9, 2024

Summary

  • fix(editor): Fix XSS issue in node error message toast
  • fix(editor): Fix XSS issue in AI assistant message toast
  • fix(editor): Fix potential XSS in workflow activation error message

Before

Kapture.2024-09-09.at.11.24.02.mp4

After

Kapture.2024-09-09.at.11.21.45.mp4

Related Linear tickets, GitHub issues, and Community forum posts

SEC-117

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with release/backport (if the PR is an urgent fix that needs to be backported)

@tomi force-pushed the sec-117-xss-sanitizehtml-used-incorrectly branch from fe4ab74 to ceabc3b on September 9, 2024 09:11
@tomi force-pushed the sec-117-xss-sanitizehtml-used-incorrectly branch from ceabc3b to 5c7e517 on September 9, 2024 09:24
cypress bot commented Sep 9, 2024

n8n    Run #6784

Run Properties: Passed #6784  •  commit 5c7e517be2  •  browsers: node18.12.0-chrome107  •  tomi  •  e2e/*
Project: n8n
Branch: sec-117-xss-sanitizehtml-used-incorrectly
Run status: Passed #6784
Run duration: 04m 38s
Commit: 5c7e517be2
Committer: Tomi Turtiainen

Test results
Failures (tests that failed): 0
Flaky (tests that were flaky): 0
Pending (tests skipped with .skip): 0
Skipped (tests not run because a mocha hook failed): 0
Passing: 425

github-actions bot (Contributor) commented Sep 9, 2024

✅ All Cypress E2E specs passed

@tomi tomi merged commit 6df6f5f into master Sep 9, 2024
32 checks passed
@tomi tomi deleted the sec-117-xss-sanitizehtml-used-incorrectly branch September 9, 2024 10:26
@tomi tomi added the tests-needed label (This PR needs additional tests) Sep 9, 2024
MiloradFilipovic added a commit that referenced this pull request Sep 10, 2024
* master:
  feat(benchmark): New options for n8n benchmark (#10741)
  fix(Chat Trigger Node): Fix auth in "Embedded Chat" mode (#10734)
  fix(Webflow Node): Update scopes to include forms (#10554)
  test(editor): Add unit tests for `sanitizeHtml` (#10737)
  fix(editor): Fix xss issues in toast usages (#10733)
  fix(OpenAI Chat Model Node): Prevent filtering of fine-tuned models in model selector (#10662)
  feat: Filter parameter: Improve loose type validation for booleans (#10702)
  test: Add scaling n8n setup (multi-main) (#10644)
  refactor(editor): Migrate NodeWebhooks to Composition API (no-changelog) (#10710)
  fix(editor): Fix broken executions view (no-changelog) (#10714)
  fix(editor): Don't render pinned icon for disabled nodes (#10712)
@github-actions github-actions bot mentioned this pull request Sep 11, 2024
@Joffcom (Member) commented Sep 11, 2024

Got released with [email protected]

Labels: Released, tests-needed (This PR needs additional tests)