fixed XSS vulnerabilities in the Rule node

2025-09-17 12:25:23 +03:00 · 2025-09-17 12:25:23 +03:00 · 95ed1408f3
commit 95ed1408f3
parent 0c1e068ec4
4 changed files with 18 additions and 3 deletions
--- a/ui-ngx/src/app/core/interceptors/global-http-interceptor.ts
+++ b/ui-ngx/src/app/core/interceptors/global-http-interceptor.ts
@ -30,6 +30,7 @@ import { DialogService } from '@core/services/dialog.service';
 import { TranslateService } from '@ngx-translate/core';
 import { parseHttpErrorMessage } from '@core/utils';
 import { getInterceptorConfig } from './interceptor.util';
+import { DomSanitizer } from '@angular/platform-browser';

 const tmpHeaders = {};

@ -46,6 +47,7 @@ export class GlobalHttpInterceptor implements HttpInterceptor {
    private dialogService: DialogService,
    private translate: TranslateService,
    private authService: AuthService,
+    private sanitizer: DomSanitizer
  ) {}

  intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
@ -129,7 +131,7 @@ export class GlobalHttpInterceptor implements HttpInterceptor {
    }

    if (unhandled && !ignoreErrors) {
-      const errorMessageWithTimeout = parseHttpErrorMessage(errorResponse, this.translate, req.responseType);
+      const errorMessageWithTimeout = parseHttpErrorMessage(errorResponse, this.translate, req.responseType, this.sanitizer);
      this.showError(errorMessageWithTimeout.message, errorMessageWithTimeout.timeout);
    }
    return throwError(() => errorResponse);
--- a/ui-ngx/src/app/core/utils.ts
+++ b/ui-ngx/src/app/core/utils.ts
@ -31,6 +31,8 @@ import {
  isNotEmptyTbFunction,
  TbFunction
 } from '@shared/models/js-function.models';
+import { DomSanitizer } from '@angular/platform-browser';
+import { SecurityContext } from '@angular/core';

 const varsRegex = /\${([^}]*)}/g;

@ -809,7 +811,7 @@ export function getEntityDetailsPageURL(id: string, entityType: EntityType): str
 }

 export function parseHttpErrorMessage(errorResponse: HttpErrorResponse,
-                                      translate: TranslateService, responseType?: string): {message: string; timeout: number} {
+                                      translate: TranslateService, responseType?: string, sanitizer?:DomSanitizer): {message: string; timeout: number} {
  let error = null;
  let errorMessage: string;
  let timeout = 0;
@ -837,6 +839,9 @@ export function parseHttpErrorMessage(errorResponse: HttpErrorResponse,
    errorText += errorKey ? translate.instant(errorKey) : errorResponse.statusText;
    errorMessage = errorText;
  }
+  if(sanitizer) {
+    errorMessage = sanitizer.sanitize(SecurityContext.HTML,errorMessage);
+  }
  return {message: errorMessage, timeout};
 }

--- a/ui-ngx/src/app/modules/home/pages/rulechain/rule-node-details.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/rulechain/rule-node-details.component.ts
@ -22,6 +22,7 @@ import {
  OnDestroy,
  OnInit,
  Output,
+  SecurityContext,
  SimpleChanges,
  ViewChild
 } from '@angular/core';
--- a/ui-ngx/src/app/modules/home/pages/rulechain/rulechain-page.component.ts
+++ b/ui-ngx/src/app/modules/home/pages/rulechain/rulechain-page.component.ts
@ -26,6 +26,7 @@ import {
  OnInit,
  QueryList,
  Renderer2,
+  SecurityContext,
  SkipSelf,
  ViewChild,
  ViewChildren,
@ -97,6 +98,7 @@ import { HttpStatusCode } from '@angular/common/http';
 import { TbContextMenuEvent } from '@shared/models/jquery-event.models';
 import { EntityDebugSettings } from '@shared/models/entity.models';
 import Timeout = NodeJS.Timeout;
+import { DomSanitizer } from '@angular/platform-browser';

@Component({
  selector: 'tb-rulechain-page',
@ -273,6 +275,7 @@ export class RuleChainPageComponent extends PageComponent
              private renderer: Renderer2,
              private viewContainerRef: ViewContainerRef,
              private changeDetector: ChangeDetectorRef,
+              private sanitizer:DomSanitizer,
              public dialog: MatDialog,
              public dialogService: DialogService,
              public fb: FormBuilder) {
@ -1360,9 +1363,13 @@ export class RuleChainPageComponent extends PageComponent
        name = node.name;
        desc = this.translate.instant(ruleNodeTypeDescriptors.get(node.component.type).name) + ' - ' + node.component.name;
        if (node.additionalInfo) {
-          details = node.additionalInfo.description;
+          details = this.sanitizer.sanitize(SecurityContext.HTML, node.additionalInfo.description);
        }
      }
+      
+      name = this.sanitizer.sanitize(SecurityContext.HTML, name);
+      desc = this.sanitizer.sanitize(SecurityContext.HTML, desc);
+
      let tooltipContent = '<div class="tb-rule-node-tooltip">' +
        '<div id="tb-node-content">' +
        '<div class="tb-node-title">' + name + '</div>' +