
Commit 6d07f6c

authored
Merge pull request #7941 from thornbill/xss-checkbox-11
Fix xss in checkbox element
2 parents 6b6d7e5 + 3dd9c7f commit 6d07f6c

2 files changed

Lines changed: 12 additions & 9 deletions


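--- a/src/apps/dashboard/routes/users/access.tsx
+++ b/src/apps/dashboard/routes/users/access.tsx
@@ -318,8 +318,14 @@ const UserLibraryAccess = () => {
 key={Item.Id}
 className='chkDevice'
 itemId={Item.Id}
-itemName={Item.CustomName || Item.Name}
-itemAppName={Item.AppName}
+itemName={
+[
+Item.CustomName || Item.Name,
+Item.AppName
+]
+.filter(Boolean)
+.join(' - ')
+}
 itemCheckedAttribute={Item.checkedAttribute}
 />
 ))}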
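Review bot: Nothing at this call site records that `Item.AppName` was folded into `itemName` for a security reason, so a later refactor could reintroduce a separate prop that the component renders unescaped. A one-line comment above `itemName={` would cover it, for example `// AppName is joined into itemName so CheckBoxElement HTML-escapes the whole label`. The enclosing JSX element and the `map` callback begin outside the hunk.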

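--- a/src/elements/CheckBoxElement.tsx
+++ b/src/elements/CheckBoxElement.tsx
@@ -45,7 +45,6 @@ interface CheckBoxElementProps {
 dataFilter?: string;
 itemType?: string;
 itemId?: string | null;
-itemAppName?: string | null;
 itemCheckedAttribute?: string;
 itemName?: string | null;
 title?: string;
@@ -58,14 +57,12 @@ const CheckBoxElement: FC<CheckBoxElementProps> = ({
 dataFilter,
 itemType,
 itemId,
-itemAppName,
 itemCheckedAttribute,
 itemName,
 title
 }) => {
-const appName = itemAppName ? `- ${itemAppName}` : '';
 const renderContent = itemName ?
-`<span>${escapeHTML(itemName || '')} ${appName}</span>` :
+`<span>${escapeHTML(itemName)}</span>` :
 `<span>${globalize.translate(title)}</span>`;
 
 return (
@@ -75,13 +72,13 @@ const CheckBoxElement: FC<CheckBoxElementProps> = ({
 labelClassName: labelClassName ?
 `class='${labelClassName}'` :
 '',
-className: className,
+className,
 id: elementId ? `id='${elementId}'` : '',
 dataFilter: dataFilter ? `data-filter='${dataFilter}'` : '',
 dataItemType: itemType ? `data-itemtype='${itemType}'` : '',
-dataId: itemId ? `data-id='${itemId}'` : '',
+dataId: itemId ? `data-id='${escapeHTML(itemId)}'` : '',
 checkedAttribute: itemCheckedAttribute || '',
-renderContent: renderContent
+renderContent
 })}
 />
 );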
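Review bot: In the last hunk only `dataId` gains `escapeHTML`; `elementId`, `dataFilter`, `itemType` and `labelClassName` are still interpolated raw into single-quoted attributes of the same HTML string. Whether those props can carry user- or server-supplied text is not visible here, but if any can, they need the same treatment, e.g. ``dataFilter: dataFilter ? `data-filter='${escapeHTML(dataFilter)}'` : '',`` and likewise for `itemType` and `elementId`. Because the attributes are single-quoted, it is also worth confirming that `escapeHTML` encodes `'`, and that the `globalize.translate(title)` fallback in the second hunk only ever receives trusted translation keys. The component body starts and ends outside the hunks.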
