xssFiltrationPattern boundary script tag restriction #39379

Open
wants to merge 4 commits into
base: 2.4-develop

osrecio
Member

@osrecio osrecio commented Nov 18, 2024

Add script boundary as word

If you have HTML like:

<body>
    <p class="product-description">
        hello world product description
    </p>
</body>

The problem is the class: product-description

Manual testing scenarios (*)

  1. Create a CMS Page with content:

     <p class="product-description">
         hello world product description
     </p>

  2. Save and see error:
     [image]

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
  • All automated tests passed successfully (all builds are green)

Resolved issues:

  1. resolves #39384: [Issue] xssFiltrationPattern boundary script tag restriction
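
The false positive described in this pull request, shown as an added example that is not code from the pull request or from Magento. The two patterns are constructed for illustration and are not the project's actual xssFiltrationPattern; `isRejected` and the sample markup are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed patterns for illustration only; the real xssFiltrationPattern
// is not shown on this page and is not reproduced here.
const SUBSTRING_PATTERN = '/script/i';      // "script" anywhere, even inside a word
const BOUNDARY_PATTERN  = '/\bscript\b/i';  // "script" only as a whole word

/** True when the filter pattern matches, i.e. the content would be rejected. */
function isRejected(string $content, string $pattern): bool
{
    $result = preg_match($pattern, $content);
    if ($result === false) {
        // Fail closed: a regex engine error must not let content through.
        return true;
    }
    return $result === 1;
}

// Constructed sample inputs.
$samples = [
    'PR example'         => '<p class="product-description">hello world product description</p>',
    'word containing it' => '<p class="subscription-info">monthly plan</p>',
    'hyphenated class'   => '<div class="inline-script-note">text</div>',
    'script element'     => '<script src="/static/app.js"></script>',
    'plain paragraph'    => '<p>hello world</p>',
];

printf("%-20s %-10s %-10s\n", 'sample', 'substring', 'boundary');
foreach ($samples as $label => $html) {
    printf(
        "%-20s %-10s %-10s\n",
        $label,
        isRejected($html, SUBSTRING_PATTERN) ? 'rejected' : 'allowed',
        isRejected($html, BOUNDARY_PATTERN) ? 'rejected' : 'allowed'
    );
}
```

The hyphenated class is still rejected under the boundary pattern because `-` is not a word character, so `\b` matches on both sides of `script`; a regression test for a change like this should cover both the benign class names and a real script element.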


m2-assistant bot commented Nov 18, 2024

Hi @osrecio. Thank you for your contribution!
Here are some useful tips on how you can test your changes using Magento test environment.
❗ Automated tests can be triggered manually with an appropriate comment:

  • @magento run all tests - run or re-run all required tests against the PR changes
  • @magento run <test-build(s)> - run or re-run specific test build(s)
    For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names.

Allowed build names are:
  1. Database Compare
  2. Functional Tests CE
  3. Functional Tests EE
  4. Functional Tests B2B
  5. Integration Tests
  6. Magento Health Index
  7. Sample Data Tests CE
  8. Sample Data Tests EE
  9. Sample Data Tests B2B
  10. Static Tests
  11. Unit Tests
  12. WebAPI Tests
  13. Semantic Version Checker

You can find more information about the builds here
ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review.


For more details, review the Code Contributions documentation.
Join Magento Community Engineering Slack and ask your questions in #github channel.

@m2-github-services m2-github-services added Partner: Interactiv4 Pull Request is created by partner Interactiv4 partners-contribution Pull Request is created by Magento Partner labels Nov 18, 2024
@osrecio osrecio changed the title Update ConfigurableWYSIWYGValidator.php xssFiltrationPattern boundary script tag restriction Nov 18, 2024
@osrecio
Member Author

osrecio commented Nov 18, 2024

@magento run all tests

@engcom-Charlie
Contributor

@magento create issue

@engcom-Charlie engcom-Charlie added the Priority: P2 A defect with this priority could have functionality issues which are not to expectations. label Nov 19, 2024
@ihor-sviziev
Contributor

ihor-sviziev commented Nov 19, 2024

Approved + added test coverage for this case:

  • on 2.4-develop - unit test fails ✅
    [image]
  • on a branch with changes - unit test passes

@ihor-sviziev
Contributor

@magento run all tests

Labels
Partner: Interactiv4 Pull Request is created by partner Interactiv4 partners-contribution Pull Request is created by Magento Partner Priority: P2 A defect with this priority could have functionality issues which are not to expectations. Progress: ready for testing