Adds sanitize to conversation messages #2213

pmcneill · 2023-05-24T18:59:38Z

Conversation messages rely on the output-side rendering to escape any malicious HTML. This adds a sanitize_field call to the body property to clean up the saved data and ensure that API-provided messages are safe as well.

Test plan

Open browser developer tools network panel
Send a conversation message to someone and verify it's received
In Chrome, copy the request out as a cURL command. Edit the message in the JSON to include some HTML with an onClick event.
Invoke the cURL command to send another message
Verify that the HTML was stripped

Conversation messages rely on the output-side rendering to escape any malicious HTML. This adds a sanitize_field call to the body property to clean up the saved data and ensure that API-provided messages are safe as well. Test plan - Open browser developer tools network panel - Send a conversation message to someone and verify it's received - In Chrome, copy the request out as a cURL command. Edit the message in the JSON to include some HTML with an onClick event. - Invoke the cURL command to send another message - Verify that the HTML was stripped

CLAassistant · 2023-05-24T18:59:43Z

All committers have signed the CLA.

auto-assign bot assigned maths22 May 24, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adds sanitize to conversation messages #2213

Adds sanitize to conversation messages #2213

pmcneill commented May 24, 2023

CLAassistant commented May 24, 2023 •

edited

Adds sanitize to conversation messages #2213

Are you sure you want to change the base?

Adds sanitize to conversation messages #2213

Conversation

pmcneill commented May 24, 2023

CLAassistant commented May 24, 2023 • edited

CLAassistant commented May 24, 2023 •

edited