mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2025-03-05 20:50:17 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(editor): Prevent XSS in node-issues tooltip (#9490)

Browse source
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™ 2024-05-22 18:40:42 +02:00 committed by GitHub
parent 0deb7d0fcc
commit 301e846cf6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
packages/editor-ui/src/components/Node.vue
View file

@ -180,6 +180,7 @@
<script lang="ts"> <script lang="ts">
import { defineComponent } from 'vue'; import { defineComponent } from 'vue';
import { mapStores } from 'pinia'; import { mapStores } from 'pinia';
import xss from 'xss';
import { useStorage } from '@/composables/useStorage'; import { useStorage } from '@/composables/useStorage';
import { import {
CUSTOM_API_CALL_KEY, CUSTOM_API_CALL_KEY,
@ -467,11 +468,9 @@ export default defineComponent({
if (nodeExecutionRunData) { if (nodeExecutionRunData) {
nodeExecutionRunData.forEach((executionRunData) => { nodeExecutionRunData.forEach((executionRunData) => {
if (executionRunData?.error) { if (executionRunData?.error) {
issues.push( const { message, description } = executionRunData.error;
`${executionRunData.error.message}${ const issue = `${message}${description ? ` (${description})` : ''}`;
executionRunData.error.description ? ` (${executionRunData.error.description})` : '' issues.push(xss(issue));
}`,
);
} }
}); });
} }