From 95ed1408f3c8cf38e09ecb6e9ed47eac0c09629b Mon Sep 17 00:00:00 2001 From: Maksym Tsymbarov Date: Wed, 17 Sep 2025 12:25:23 +0300 Subject: [PATCH 1/2] fixed XSS vulnerabilities in the Rule node --- .../src/app/core/interceptors/global-http-interceptor.ts | 4 +++- ui-ngx/src/app/core/utils.ts | 7 ++++++- .../home/pages/rulechain/rule-node-details.component.ts | 1 + .../home/pages/rulechain/rulechain-page.component.ts | 9 ++++++++- 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/ui-ngx/src/app/core/interceptors/global-http-interceptor.ts b/ui-ngx/src/app/core/interceptors/global-http-interceptor.ts index 12d3c78817..dccda985b4 100644 --- a/ui-ngx/src/app/core/interceptors/global-http-interceptor.ts +++ b/ui-ngx/src/app/core/interceptors/global-http-interceptor.ts @@ -30,6 +30,7 @@ import { DialogService } from '@core/services/dialog.service'; import { TranslateService } from '@ngx-translate/core'; import { parseHttpErrorMessage } from '@core/utils'; import { getInterceptorConfig } from './interceptor.util'; +import { DomSanitizer } from '@angular/platform-browser'; const tmpHeaders = {}; @@ -46,6 +47,7 @@ export class GlobalHttpInterceptor implements HttpInterceptor { private dialogService: DialogService, private translate: TranslateService, private authService: AuthService, + private sanitizer: DomSanitizer ) {} intercept(req: HttpRequest, next: HttpHandler): Observable> { @@ -129,7 +131,7 @@ export class GlobalHttpInterceptor implements HttpInterceptor { } if (unhandled && !ignoreErrors) { - const errorMessageWithTimeout = parseHttpErrorMessage(errorResponse, this.translate, req.responseType); + const errorMessageWithTimeout = parseHttpErrorMessage(errorResponse, this.translate, req.responseType, this.sanitizer); this.showError(errorMessageWithTimeout.message, errorMessageWithTimeout.timeout); } return throwError(() => errorResponse); diff --git a/ui-ngx/src/app/core/utils.ts b/ui-ngx/src/app/core/utils.ts index 0fc948ac96..8ef3dc074e 100644 --- a/ui-ngx/src/app/core/utils.ts +++ b/ui-ngx/src/app/core/utils.ts @@ -31,6 +31,8 @@ import { isNotEmptyTbFunction, TbFunction } from '@shared/models/js-function.models'; +import { DomSanitizer } from '@angular/platform-browser'; +import { SecurityContext } from '@angular/core'; const varsRegex = /\${([^}]*)}/g; @@ -809,7 +811,7 @@ export function getEntityDetailsPageURL(id: string, entityType: EntityType): str } export function parseHttpErrorMessage(errorResponse: HttpErrorResponse, - translate: TranslateService, responseType?: string): {message: string; timeout: number} { + translate: TranslateService, responseType?: string, sanitizer?:DomSanitizer): {message: string; timeout: number} { let error = null; let errorMessage: string; let timeout = 0; @@ -837,6 +839,9 @@ export function parseHttpErrorMessage(errorResponse: HttpErrorResponse, errorText += errorKey ? translate.instant(errorKey) : errorResponse.statusText; errorMessage = errorText; } + if(sanitizer) { + errorMessage = sanitizer.sanitize(SecurityContext.HTML,errorMessage); + } return {message: errorMessage, timeout}; } diff --git a/ui-ngx/src/app/modules/home/pages/rulechain/rule-node-details.component.ts b/ui-ngx/src/app/modules/home/pages/rulechain/rule-node-details.component.ts index 05f7261c44..3f52cc0f61 100644 --- a/ui-ngx/src/app/modules/home/pages/rulechain/rule-node-details.component.ts +++ b/ui-ngx/src/app/modules/home/pages/rulechain/rule-node-details.component.ts @@ -22,6 +22,7 @@ import { OnDestroy, OnInit, Output, + SecurityContext, SimpleChanges, ViewChild } from '@angular/core'; diff --git a/ui-ngx/src/app/modules/home/pages/rulechain/rulechain-page.component.ts b/ui-ngx/src/app/modules/home/pages/rulechain/rulechain-page.component.ts index 2ac9b806e6..f7ead66646 100644 --- a/ui-ngx/src/app/modules/home/pages/rulechain/rulechain-page.component.ts +++ b/ui-ngx/src/app/modules/home/pages/rulechain/rulechain-page.component.ts @@ -26,6 +26,7 @@ import { OnInit, QueryList, Renderer2, + SecurityContext, SkipSelf, ViewChild, ViewChildren, @@ -97,6 +98,7 @@ import { HttpStatusCode } from '@angular/common/http'; import { TbContextMenuEvent } from '@shared/models/jquery-event.models'; import { EntityDebugSettings } from '@shared/models/entity.models'; import Timeout = NodeJS.Timeout; +import { DomSanitizer } from '@angular/platform-browser'; @Component({ selector: 'tb-rulechain-page', @@ -273,6 +275,7 @@ export class RuleChainPageComponent extends PageComponent private renderer: Renderer2, private viewContainerRef: ViewContainerRef, private changeDetector: ChangeDetectorRef, + private sanitizer:DomSanitizer, public dialog: MatDialog, public dialogService: DialogService, public fb: FormBuilder) { @@ -1360,9 +1363,13 @@ export class RuleChainPageComponent extends PageComponent name = node.name; desc = this.translate.instant(ruleNodeTypeDescriptors.get(node.component.type).name) + ' - ' + node.component.name; if (node.additionalInfo) { - details = node.additionalInfo.description; + details = this.sanitizer.sanitize(SecurityContext.HTML, node.additionalInfo.description); } } + + name = this.sanitizer.sanitize(SecurityContext.HTML, name); + desc = this.sanitizer.sanitize(SecurityContext.HTML, desc); + let tooltipContent = '
' + '
' + '
' + name + '
' + From 986d6289b9e57d4c224d609c5776585380d3d94e Mon Sep 17 00:00:00 2001 From: Maksym Tsymbarov Date: Wed, 24 Sep 2025 13:16:04 +0300 Subject: [PATCH 2/2] remove unused dependency --- .../modules/home/pages/rulechain/rule-node-details.component.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/ui-ngx/src/app/modules/home/pages/rulechain/rule-node-details.component.ts b/ui-ngx/src/app/modules/home/pages/rulechain/rule-node-details.component.ts index 3f52cc0f61..05f7261c44 100644 --- a/ui-ngx/src/app/modules/home/pages/rulechain/rule-node-details.component.ts +++ b/ui-ngx/src/app/modules/home/pages/rulechain/rule-node-details.component.ts @@ -22,7 +22,6 @@ import { OnDestroy, OnInit, Output, - SecurityContext, SimpleChanges, ViewChild } from '@angular/core';