fix(editor): Render sanitized HTML content in toast messages (#12139)

Csaba Tuncsik
2024-12-11 10:11:51 +01:00
committed by GitHub
parent ed359586c8
commit 0468945c99
12 changed files with 71 additions and 56 deletions


@@ -18,8 +18,8 @@ export function sanitizeHtml(dirtyHtml: string) {
}
if (ALLOWED_HTML_ATTRIBUTES.includes(name) || name.startsWith('data-')) {
// href is allowed but we need to sanitize certain protocols
if (name === 'href' && !value.match(/^https?:\/\//gm)) {
// href is allowed but we allow only https and relative URLs
if (name === 'href' && !value.match(/^https?:\/\//gm) && !value.startsWith('/')) {
return '';
}
return `${name}="${escapeAttrValue(value)}"`;