[Backport 2.x] Sanitize markdown when previewing report header/footer #484

Status: Open. Wants to merge 1 commit into base: 2.x.

File: public/components/report_definitions/report_settings/report_settings.tsx
@@ -3,6 +3,7 @@
* SPDX-License-Identifier: Apache-2.0
*/

import createDOMPurify from 'dompurify';
import React, { useEffect, useState } from 'react';
import { i18n } from '@osd/i18n';
import {
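Review bot: the new `import createDOMPurify from 'dompurify';` at line 40 is the only change in this hunk, and the diff shown here touches only report_settings.tsx; confirm that `dompurify` (plus its TypeScript typings, if the 2.x build needs a separate types package) is declared in the plugin's own package.json rather than picked up transitively, otherwise the backport builds locally and fails on a clean install. Since the lint job below objects to the ordering of the `showdown`, `react-mde` and `server/model` imports, also check that placing a third-party import ahead of `react` does not trip the same import-order rule.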
@@ -30,8 +31,8 @@
REPORT_SOURCE_TYPES,
SAVED_SEARCH_FORMAT_OPTIONS,
} from './report_settings_constants';
import Showdown from 'showdown';

[GitHub Actions / Lint failure, public/components/report_definitions/report_settings/report_settings.tsx line 34: `showdown` import should occur before import of `./report_settings_constants`]
[GitHub Actions / Lint failure, public/components/report_definitions/report_settings/report_settings.tsx line 34: 'Showdown' is defined but never used. Allowed unused vars must match /^_/u]
import ReactMde from 'react-mde';

[GitHub Actions / Lint failure, public/components/report_definitions/report_settings/report_settings.tsx line 35: `react-mde` import should occur before import of `./report_settings_constants`]
import 'react-mde/lib/styles/css/react-mde-all.css';
import {
reportDefinitionParams,
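Review bot: every lint failure annotated in this hunk (import order for `showdown` and `react-mde`, and the unused `Showdown` binding at line 48) sits on unchanged context lines, so it is pre-existing on 2.x rather than introduced by this backport. The `Showdown` import is dead code, because the preview is produced through `converter` from `../utils`; removing that one line here would silence a failure at no risk, but keeping a backport minimal and fixing lint in a separate change is also defensible. Either way, the CI status should not be read as a regression caused by the sanitizer change.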
@@ -52,14 +53,14 @@
} from './report_settings_helpers';
import { TimeRangeSelect } from './time_range';
import { converter } from '../utils';
import { ReportDefinitionSchemaType } from 'server/model';

[GitHub Actions / Lint failure, public/components/report_definitions/report_settings/report_settings.tsx line 56: `server/model` import should occur before import of `./report_settings_constants`]
import { ReportTrigger } from '../report_trigger';

type ReportSettingProps = {

[GitHub Actions / Lint failure, public/components/report_definitions/report_settings/report_settings.tsx line 59: Use an `interface` instead of a `type`]
edit: boolean;
editDefinitionId: string;
reportDefinitionRequest: reportDefinitionParams;
httpClientProps: any;

[GitHub Actions / Lint warning, public/components/report_definitions/report_settings/report_settings.tsx line 63: Unexpected any. Specify a different type]
timeRange: timeRangeParams;
showSettingsReportNameError: boolean;
settingsReportNameErrorMessage: string;
@@ -90,22 +91,22 @@
const [reportDescription, setReportDescription] = useState('');
const [reportSourceId, setReportSourceId] = useState('dashboardReportSource');

const [dashboardSourceSelect, setDashboardSourceSelect] = useState([] as any);

[GitHub Actions / Lint warning, public/components/report_definitions/report_settings/report_settings.tsx line 94: Unexpected any. Specify a different type]
const [dashboards, setDashboards] = useState([] as any);

[GitHub Actions / Lint warning, public/components/report_definitions/report_settings/report_settings.tsx line 95: Unexpected any. Specify a different type]

const [visualizationSourceSelect, setVisualizationSourceSelect] = useState(
[] as any

[GitHub Actions / Lint warning, public/components/report_definitions/report_settings/report_settings.tsx line 98: Unexpected any. Specify a different type]
);
const [visualizations, setVisualizations] = useState([] as any);

[GitHub Actions / Lint warning, public/components/report_definitions/report_settings/report_settings.tsx line 100: Unexpected any. Specify a different type]

const [savedSearchSourceSelect, setSavedSearchSourceSelect] = useState(
[] as any

[GitHub Actions / Lint warning, public/components/report_definitions/report_settings/report_settings.tsx line 103: Unexpected any. Specify a different type]
);
const [savedSearches, setSavedSearches] = useState([] as any);

[GitHub Actions / Lint warning, public/components/report_definitions/report_settings/report_settings.tsx line 105: Unexpected any. Specify a different type]
const [savedSearchRecordLimit, setSavedSearchRecordLimit] = useState(10000);

const [notebooksSourceSelect, setNotebooksSourceSelect] = useState([] as any);

[GitHub Actions / Lint warning, public/components/report_definitions/report_settings/report_settings.tsx line 108: Unexpected any. Specify a different type]
const [notebooks, setNotebooks] = useState([] as any);

[GitHub Actions / Lint warning, public/components/report_definitions/report_settings/report_settings.tsx line 109: Unexpected any. Specify a different type]

const [fileFormat, setFileFormat] = useState('pdf');

@@ -185,7 +186,7 @@
}
};

const handleDashboardSelect = (e: string | any[]) => {

[GitHub Actions / Lint warning, public/components/report_definitions/report_settings/report_settings.tsx line 189: Unexpected any. Specify a different type]
setDashboardSourceSelect(e);

let fromInContext = false;
@@ -340,6 +341,8 @@
setCheckboxIdSelectHeaderFooter(newCheckboxIdToSelectedMap);
};

const DOMPurify = createDOMPurify(window);

const showFooter = checkboxIdSelectHeaderFooter.footer ? (
<EuiFormRow
label={i18n.translate('opensearch.reports.reportSettingProps.footer', {
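Review bot: `const DOMPurify = createDOMPurify(window);` at line 223 is declared inside the component body, so a fresh DOMPurify instance, with its own hook and configuration state, is constructed on every render of the settings form. Hoist it to module scope next to the `converter` import (or memoize it with `useMemo`) so it is built once; this is browser-only plugin code where `window` is always defined, so the factory form buys nothing over the package's default export, which is already bound to the current window. Creating the instance at module level also makes it possible to register any `addHook` or `setConfig` customisation in one place instead of per render.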
@@ -357,7 +360,7 @@
['unordered-list', 'ordered-list', 'checked-list'],
]}
generateMarkdownPreview={(markdown) =>
Promise.resolve(converter.makeHtml(markdown))
Promise.resolve(DOMPurify.sanitize(converter.makeHtml(markdown)))
}
/>
</EuiFormRow>
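Review bot: `DOMPurify.sanitize(converter.makeHtml(markdown))` at line 233 protects only the live preview inside the editor; the markdown itself is stored unchanged and, as the `core_params: { header, footer }` destructure further down shows, is loaded back from the saved definition. Please confirm that the code path which renders the saved footer (and header) into the generated report applies the same sanitization or renders in a context where no script can execute, otherwise this change moves the exposure out of the preview without removing it. Sanitizing the converter output rather than the raw markdown is the right order, since Showdown can emit raw HTML that appears in the markdown verbatim; the default DOMPurify profile is a sensible baseline, and if a narrower allow-list is wanted for a header/footer it should be passed explicitly as `sanitize(html, { ALLOWED_TAGS: [...] })` rather than assumed.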
@@ -380,7 +383,7 @@
['unordered-list', 'ordered-list', 'checked-list'],
]}
generateMarkdownPreview={(markdown) =>
Promise.resolve(converter.makeHtml(markdown))
Promise.resolve(DOMPurify.sanitize(converter.makeHtml(markdown)))
}
/>
</EuiFormRow>
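Review bot: the header preview at line 242 duplicates the footer's `Promise.resolve(DOMPurify.sanitize(converter.makeHtml(markdown)))` verbatim. A single helper such as `const previewMarkdown = (md: string) => Promise.resolve(DOMPurify.sanitize(converter.makeHtml(md)));` passed to both `generateMarkdownPreview` props keeps the two previews in step and makes it hard to add a third markdown field later that forgets the sanitizer.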
@@ -396,7 +399,7 @@
response.report_definition;
const {
report_params: {
core_params: { header, footer },

[GitHub Actions / Lint failure, public/components/report_definitions/report_settings/report_settings.tsx line 402: 'header' is already declared in the upper scope]
[GitHub Actions / Lint failure, public/components/report_definitions/report_settings/report_settings.tsx line 402: 'footer' is already declared in the upper scope]
},
} = reportDefinition;
// set header/footer default
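Review bot: the destructure `core_params: { header, footer }` at line 250 shadows the outer `header`/`footer` names that the lint job flags, and in a file that now has a sanitized header/footer preview the shadowing makes it easy to confuse the saved markdown with the preview elements. This is pre-existing and not something the backport has to fix, but renaming the inner bindings (for example `header: savedHeader, footer: savedFooter`) would clear two lint failures and remove the ambiguity.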
@@ -497,7 +500,7 @@
}
};

const setDefaultFileFormat = (fileFormat) => {

[GitHub Actions / Lint failure, public/components/report_definitions/report_settings/report_settings.tsx line 503: 'fileFormat' is already declared in the upper scope]
let index = 0;
for (index = 0; index < PDF_PNG_FILE_FORMAT_OPTIONS.length; ++index) {
if (
@@ -603,7 +606,7 @@
}
});

if (reportSource == REPORT_SOURCE_TYPES.savedSearch) {

[GitHub Actions / Lint failure, public/components/report_definitions/report_settings/report_settings.tsx line 609: Expected '===' and instead saw '==']
setSavedSearchRecordLimit(
response.report_definition.report_params.core_params.limit
);
@@ -619,7 +622,7 @@
);
};

const defaultConfigurationEdit = async (httpClientProps) => {

[GitHub Actions / Lint failure, public/components/report_definitions/report_settings/report_settings.tsx line 625: 'httpClientProps' is already declared in the upper scope]
let editData = {};
await httpClientProps
.get(`../api/reporting/reportDefinitions/${editDefinitionId}`)