From ebbda00581a445054e5e599ef58b68d07a537747 Mon Sep 17 00:00:00 2001
From: Shivam7-1 <55046031+Shivam7-1@users.noreply.github.com>
Date: Sat, 28 Dec 2024 20:44:08 +0530
Subject: [PATCH 1/4] Update htmlStringImgUrlConverter.js
---
 packages/peregrine/lib/util/htmlStringImgUrlConverter.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/peregrine/lib/util/htmlStringImgUrlConverter.js b/packages/peregrine/lib/util/htmlStringImgUrlConverter.js
index 96779fb97c..26631fa253 100644
--- a/packages/peregrine/lib/util/htmlStringImgUrlConverter.js
+++ b/packages/peregrine/lib/util/htmlStringImgUrlConverter.js
@@ -1,6 +1,6 @@
 import makeUrl from './makeUrl';
 import resolveLinkProps from './resolveLinkProps';
-
+import DOMPurify from 'dompurify';
 /**
 * Modifies html string images to use makeUrl as source and resolves links to use internal path.
 *
@@ -9,7 +9,7 @@ import resolveLinkProps from './resolveLinkProps';
 */
 const htmlStringImgUrlConverter = htmlString => {
 const temporaryElement = document.createElement('div');
- temporaryElement.innerHTML = htmlString;
+ temporaryElement.innerHTML = DOMPurify.sanitize(htmlString);
 for (const imgElement of temporaryElement.getElementsByTagName('img')) {
 imgElement.src = makeUrl(imgElement.src, {
 type: 'image-wysiwyg',
From ac92052ec2c2cdf741e508f71f2b95e10086d475 Mon Sep 17 00:00:00 2001
From: Shivam7-1 <55046031+Shivam7-1@users.noreply.github.com>
Date: Sat, 28 Dec 2024 20:52:29 +0530
Subject: [PATCH 2/4] Update dependencies package.json
---
 package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 31a55218a0..43d3b4f1a7 100755
--- a/package.json
+++ b/package.json
@@ -49,7 +49,8 @@
 "caniuse-lite": "~1.0.30001335",
 "path-to-regexp": "^8.2.0",
 "qs": "^6.13.0",
- "setimmediate": "^1.0.5"
+ "setimmediate": "^1.0.5",
+ "dompurify": "^2.3.8"
 },
 "devDependencies": {
 "@babel/plugin-transform-runtime": "~7.4.4",
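Review bot: `DOMPurify.sanitize(htmlString)` in the second hunk of htmlStringImgUrlConverter.js runs with the library's default profile, and nothing in this series pins what that profile keeps or removes. As far as I know the defaults drop elements such as `<iframe>` and the `target` attribute on links, so CMS markup reaching this helper may change shape before the link and image rewriting runs; confirm this against real content. I would pass an explicit shared configuration, e.g. `temporaryElement.innerHTML = DOMPurify.sanitize(htmlString, HTML_SANITIZE_CONFIG);` (the constant name is a placeholder), and add a unit test asserting that an inline event-handler attribute is removed while an ordinary `<a href>` and `<img src>` survive. The function body continues past the end of the hunk, so what happens to the element after the rewrites is not visible here.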
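Review bot: `dompurify` is declared only in the root manifest, while the imports added in this series live in `packages/peregrine`, `packages/pagebuilder` and `venia-integration-tests`. None of those packages' own `package.json` files appear in the series, so if they are published or installed on their own the sanitizer would be an undeclared dependency that resolves only through hoisting; declare it in each package that imports it. The range `^2.3.8` also keeps the project on the 2.x line while the lockfile resolves 2.5.8, so I would raise the floor to the resolved release, `"dompurify": "^2.5.8"`, to stop an install without the lockfile falling back to an older build. Since this library is the XSS control, also confirm that the chosen major still receives security fixes.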
From aba8b79947068f6c9f4f3e4ab44e0f4c840c9ae7 Mon Sep 17 00:00:00 2001
From: Shivam7-1 <55046031+Shivam7-1@users.noreply.github.com>
Date: Sun, 29 Dec 2024 09:33:46 +0000
Subject: [PATCH 3/4] some fix
---
 yarn.lock | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/yarn.lock b/yarn.lock
index 1c9743f74c..82ad11d9a4 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8935,6 +8935,11 @@ domhandler@^4.0.0, domhandler@^4.2.0, domhandler@^4.3.1: dependencies: domelementtype "^2.2.0" +dompurify@^2.3.8: + version "2.5.8" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.5.8.tgz#2809d89d7e528dc7a071dea440d7376df676f824" + integrity sha512-o1vSNgrmYMQObbSSvF/1brBYEQPHhV1+gsmrusO7/GXtp1T9rCS8cXFqVxK/9crT1jA6Ccv+5MTSjBNqr7Sovw== + domutils@^2.5.2, domutils@^2.8.0: version "2.8.0" resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.8.0.tgz#4437def5db6e2d1f5d6ee859bd95ca7d02048135"
From 9cf4d4d19b99c1a305c8d19df29990d44de2346b Mon Sep 17 00:00:00 2001
From: glo82145
Date: Wed, 15 Jan 2025 18:06:24 +0530
Subject: [PATCH 4/4] PWA-3401::Update DOM Text Interpreted As HTML in PWA Code where ever it is needed
---
 .../lib/ContentTypes/Block/configAggregator.js | 10 +++++++++-
 .../__tests__/__snapshots__/useFormError.spec.js.snap | 4 ++--
 .../src/fixtures/googleMapApi/index.js | 5 ++++-
 3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/packages/pagebuilder/lib/ContentTypes/Block/configAggregator.js b/packages/pagebuilder/lib/ContentTypes/Block/configAggregator.js
index 709260d5df..9830d5bd62 100644
--- a/packages/pagebuilder/lib/ContentTypes/Block/configAggregator.js
+++ b/packages/pagebuilder/lib/ContentTypes/Block/configAggregator.js
@@ -1,8 +1,16 @@
+import DOMPurify from 'dompurify';
 import { getAdvanced } from '../../utils';
 export default node => {
+ // Get the raw HTML content from the first child node
+ const rawHTML = node.childNodes[0] ? node.childNodes[0].innerHTML : '';
+
+ // Sanitize the raw HTML using DOMPurify
+ const sanitizedHTML = DOMPurify.sanitize(rawHTML);
+
 return {
- richContent: node.childNodes[0] ? node.childNodes[0].innerHTML : '',
+ // Return the sanitized HTML content, along with the result from getAdvanced
+ richContent: sanitizedHTML,
 ...getAdvanced(node)
 };
 };
diff --git a/packages/peregrine/lib/talons/FormError/__tests__/__snapshots__/useFormError.spec.js.snap b/packages/peregrine/lib/talons/FormError/__tests__/__snapshots__/useFormError.spec.js.snap
index 0f2ab4c9ba..fc13cc8b6c 100644
--- a/packages/peregrine/lib/talons/FormError/__tests__/__snapshots__/useFormError.spec.js.snap
+++ b/packages/peregrine/lib/talons/FormError/__tests__/__snapshots__/useFormError.spec.js.snap
@@ -1,5 +1,5 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`returns concatenated error message when allowErrorMessages 1`] = `"GraphQL Error 1, GraphQL Error 2"`; +exports[`returns concatenated error message when allowErrorMessages 1`] = `"formError.responseError"`; -exports[`returns general error message 1`] = `"formError.errorMessage, Generic Error"`; +exports[`returns general error message 1`] = `"formError.responseError, Generic Error"`;
diff --git a/venia-integration-tests/src/fixtures/googleMapApi/index.js b/venia-integration-tests/src/fixtures/googleMapApi/index.js
index b633c5f97b..203b1c4df0 100644
--- a/venia-integration-tests/src/fixtures/googleMapApi/index.js
+++ b/venia-integration-tests/src/fixtures/googleMapApi/index.js
@@ -1,3 +1,4 @@
+import DOMPurify from 'dompurify';
 export const createGoogleMapApi = currentMapApi => {
 return {
 maps: {
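Review bot: Sanitizing `richContent` inside the Block config aggregator cleans the extracted configuration, not the place where the markup is injected, and the component that renders `richContent` is not part of this patch. If that renderer, or another content type's aggregator that reads `innerHTML`, still inserts HTML unsanitized, this hunk does not close the sink; if the renderer already sanitizes, the markup now goes through two parse/serialize passes. As far as I know the default profile also removes elements such as `<iframe>`, which content nested in a block may depend on, so that needs confirming against real Page Builder output. The three added comments restate the code; one comment giving the reason would serve better, e.g. `// richContent is CMS-authored markup that is rendered as HTML downstream; strip scriptable content here` (adjust to what the renderer actually does).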
@@ -85,7 +86,9 @@ export const createGoogleMapApi = currentMapApi => {
 open(map) {
 map.infoWindowContainer.style.maxWidth = this.maxWidth;
- map.infoWindowContainer.innerHTML = this.content;
+ map.infoWindowContainer.innerHTML = DOMPurify.sanitize(
+ this.content
+ );
 }
 close() {
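Review bot: The `open(map)` change puts sanitization inside the integration-test double for the maps info window, not in application code. The real maps API is not guaranteed to treat `content` this way, so the tests would exercise behaviour production does not have, and could hide unsanitized content built by the caller. I would keep the fixture faithful and sanitize where the info-window content string is assembled in the application, which is not visible in this patch. If the aim is only to clear a static-analysis finding in test code, record that in a comment such as `// test double only: content comes from fixtures, sanitized to satisfy the scanner`. The class that contains `open` starts outside the hunk.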