[Issue] Update js.phtml DOM text reinterpreted as HTML #38821

m2-assistant bot opened this issue Jun 11, 2024 · 5 comments · May be fixed by #38804
Labels
Area: Security Component: Backend Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Issue: ready for confirmation Priority: P2 A defect with this priority could have functionality issues which are not to expectations. Progress: PR in progress Reported on 2.4.x Indicates original Magento version for the Issue report. Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch Triage: Dev.Experience Issue related to Developer Experience and needs help with Triage to Confirm or Reject it

Comments


m2-assistant bot commented Jun 11, 2024

This issue is automatically created based on existing pull request: #38804: Update js.phtml DOM text reinterpreted as HTML

Description (*)

By using innerText, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
  • All automated tests passed successfully (all builds are green)
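The contrast the PR description draws, shown as an added example that is not code from the Magento PR or from js.phtml: the same untrusted string assigned to innerHTML is parsed as markup, while assigned to textContent (or innerText) it becomes a text node whose characters are data. In a browser, makeElement() returns a real div; under Node it returns FakeElement, a minimal stand-in that is an assumption of this example, not a real DOM, modelling only the two behaviours that matter here (innerHTML keeps markup, a text node serializes with `&`, `<` and `>` escaped, which is what a browser's innerHTML getter returns for text nodes). The sample input is constructed.

```javascript
// Added example (not from the Magento PR or js.phtml): untrusted text via
// innerHTML versus textContent/innerText.

// How a browser serializes a text node when innerHTML is read back:
// only '&', '<' and '>' are escaped; quotes are left alone inside text.
function serializeTextNode(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Minimal stand-in for a DOM element (assumption of this example, not a real DOM).
class FakeElement {
  constructor() { this._markup = ''; }
  // A real browser parses this string into child elements and, on read-back,
  // re-serializes the parsed tree; the stand-in simply keeps the markup.
  set innerHTML(markup) { this._markup = String(markup); }
  get innerHTML() { return this._markup; }
  // A text node: every character is data, never a tag.
  set textContent(text) { this._markup = serializeTextNode(text); }
  // innerText gives the same result for this purpose (in browsers it is
  // additionally layout-aware, see the note below the block).
  set innerText(text) { this.textContent = text; }
}

function makeElement() {
  return typeof document !== 'undefined'
    ? document.createElement('div')
    : new FakeElement();
}

// Vulnerable pattern: DOM text is reinterpreted as HTML.
function renderUnsafe(el, untrusted) {
  el.innerHTML = untrusted;
  return el.innerHTML;
}

// Fixed pattern, the change the PR describes: the text stays text.
function renderSafe(el, untrusted) {
  el.textContent = untrusted;
  return el.innerHTML;
}

// Crude check used only to show the difference: does the resulting markup
// contain an element start or end tag?
function containsTag(markup) {
  return /<[a-z!/]/i.test(markup);
}

// Constructed sample input: harmless markup standing in for attacker-controlled text.
const SAMPLE = '<b>Tom</b> & Jerry';

if (typeof require !== 'undefined' && require.main === module) {
  console.log('innerHTML  :', renderUnsafe(makeElement(), SAMPLE));
  console.log('textContent:', renderSafe(makeElement(), SAMPLE));
}
```

Of the two text properties, textContent is usually the better choice for this fix: innerText depends on CSS layout (it skips hidden elements and forces a reflow when read), whereas textContent is a plain data property and behaves the same whether or not the element is attached to a rendered document.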
@m2-assistant m2-assistant bot linked a pull request Jun 11, 2024 that will close this issue
6 tasks
@m2-community-project m2-community-project bot added this to Ready for Confirmation in Issue Confirmation and Triage Board Jun 11, 2024
@m2-community-project m2-community-project bot added Issue: ready for confirmation Priority: P2 A defect with this priority could have functionality issues which are not to expectations. labels Jun 11, 2024
@engcom-Dash engcom-Dash added the Triage: Dev.Experience Issue related to Developer Experience and needs help with Triage to Confirm or Reject it label Jun 11, 2024
@m2-community-project m2-community-project bot added this to Pull Request In Progress in High Priority Backlog Jun 11, 2024
@m2-community-project m2-community-project bot removed this from Ready for Confirmation in Issue Confirmation and Triage Board Jun 11, 2024
@engcom-November engcom-November self-assigned this Jun 12, 2024

m2-assistant bot commented Jun 12, 2024

Hi @engcom-November. Thank you for working on this issue.
In order to make sure that the issue has enough information and is ready for development, please read and check the following instructions: 👇

  1. Verify that the issue has all the required information (Preconditions, Steps to reproduce, Expected result, Actual result).
  2. Verify that the issue has a meaningful description and provides enough information to reproduce the issue.
  3. Add the Area: XXXXX label to the ticket, indicating the functional areas it may be related to.
  4. Verify that the issue is reproducible on the 2.4-develop branch.
     Details:
     - Add the comment @magento give me 2.4-develop instance to deploy a test instance on Magento infrastructure.
     - If the issue is reproducible on the 2.4-develop branch, please add the label Reproduced on 2.4.x.
     - If the issue is not reproducible, add your comment that the issue is not reproducible, close the issue and stop the verification process here!
  5. Add the label Issue: Confirmed once verification is complete.
  6. Make sure that the automatic system confirms that the report has been added to the backlog.

@engcom-November (Contributor) commented

Hello @Shivam7-1,

Thank you for the report and collaboration!

It would be better to use innerText instead of innerHTML to prevent cross-site scripting.
Hence confirming this issue.

@engcom-November engcom-November added Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Component: Backend Area: Security Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch Reported on 2.4.x Indicates original Magento version for the Issue report. labels Jun 12, 2024
@github-jira-sync-bot github-jira-sync-bot removed the Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed label Jun 12, 2024
@github-jira-sync-bot commented

Unfortunately, not enough information was provided to create a Jira ticket. Please make sure you added the following label(s): Reproduced on 2.4.x, ^Area:.*

Once all required labels are present, please add Issue: Confirmed label again.

@engcom-November engcom-November added the Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed label Jun 12, 2024
@github-jira-sync-bot commented

✅ Jira issue https://jira.corp.adobe.com/browse/AC-12118 is successfully created for this GitHub issue.


m2-assistant bot commented Jun 12, 2024

✅ Confirmed by @engcom-November. Thank you for verifying the issue.
Issue Available: @engcom-November, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.
