Skip to content

Fix XSS vulnerability in antd package#1243

Merged
ukrbublik merged 2 commits intomasterfrom
fix-xss-1009
Apr 25, 2025
Merged

Fix XSS vulnerability in antd package#1243
ukrbublik merged 2 commits intomasterfrom
fix-xss-1009

Conversation

@ukrbublik
Copy link
Copy Markdown
Owner

@ukrbublik ukrbublik commented Apr 25, 2025

Resolves #1009

@codesandbox
Copy link
Copy Markdown

codesandbox Bot commented Apr 25, 2025

Review or Edit in CodeSandbox

Open the branch in Web EditorVS CodeInsiders

Open Preview

@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 25, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
react-awesome-query-builder-examples 🛑 Canceled (Inspect) Apr 25, 2025 1:41pm
react-awesome-query-builder-sandbox ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 25, 2025 1:41pm
react-awesome-query-builder-sandbox-next ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 25, 2025 1:41pm

@codesandbox-ci
Copy link
Copy Markdown

codesandbox-ci Bot commented Apr 25, 2025

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit b1f8b96:

Sandbox Source
@react-awesome-query-builder/examples Configuration
@react-awesome-query-builder/sandbox Configuration
@react-awesome-query-builder/sandbox-simple Configuration
@react-awesome-query-builder/sandbox-next Configuration

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 25, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 85.71429% with 2 lines in your changes missing coverage. Please review.

Project coverage is 80.50%. Comparing base (8d11920) to head (b1f8b96).
Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
packages/ui/modules/components/rule/Field.jsx 0.00% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1243      +/-   ##
==========================================
+ Coverage   80.48%   80.50%   +0.02%     
==========================================
  Files         223      223              
  Lines       12129    12137       +8     
  Branches     1543     1544       +1     
==========================================
+ Hits         9762     9771       +9     
+ Misses       1625     1624       -1     
  Partials      742      742

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

ukrbublik
ukrbublik commented Apr 25, 2025
View reviewed changes
Comment thread packages/antd/modules/utils/domUtils.js
if (typeof document !== "undefined") {
var div = document.createElement("div");
div.innerHTML = str;
div.innerText = str;
Copy link
Copy Markdown
Owner Author

@ukrbublik ukrbublik Apr 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix

@ukrbublik ukrbublik merged commit 9ae0f8c into master Apr 25, 2025
17 checks passed
@ukrbublik ukrbublik deleted the fix-xss-1009 branch April 29, 2025 09:23
@lightbeam9811
Copy link
Copy Markdown

lightbeam9811 commented Feb 1, 2026

Hi @ukrbublik , how are you today? I can fix your issue. If possible, we can chat in telegram or discord.

Telegram: @yarndex888
Discord: yarndex888

I will wait for your reply.

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

XSS handling for antd select options

2 participants

@ukrbublik @lightbeam9811