Brijesh619 opened a new pull request, #641:
URL: https://github.com/apache/atlas/pull/641
**What changes were proposed in this pull request?**
- Upgraded sanitize-html dependency from 2.13.0 to 2.17.4
- Fixed critical XSS vulnerability reported in npm audit
- Addressed security issue related to unsafe raw-text passthrough handling (xmp tag)
- Verified compatibility with existing rich text rendering and sanitization flows
- No functional business logic changes were introduced

**Related vulnerability:**
GHSA-rpr9-rxv7-x643

**How was this patch tested?**

**Manual Testing**

**Validated rich text editor and HTML rendering flows across the application:**
- Classification form
- Glossary form
- Business Metadata form
- BM Attributes fields
- HTML renderer components
- Show more text components

**Security Validation**

**Tested sanitization against malicious HTML payloads:**
- `<script>alert('xss')</script>`
- `<img src=x onerror=alert('xss')>`
- `<xmp><script>alert('xss')</script></xmp>`

**Verified:**
- scripts are removed/sanitized correctly
- no JavaScript execution occurs
- formatting and existing rich text rendering continue to work as expected

**Additional Validation**
- Executed npm audit after dependency upgrade
- Verified application builds successfully
- Performed regression testing for ReactQuill editor content rendering and display flows
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
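The manual security validation described in the PR (running the three listed payloads through the sanitizer and confirming nothing executable survives) can be turned into a repeatable regression check. The following Node.js harness is an added example, not code from the Apache Atlas project or from the PR author. It assumes `sanitize-html` may or may not be installed (it is loaded only if present), and the names `PAYLOADS`, `RAW_TEXT_TAGS`, `findExecutableMarkup`, `runRegression` and `escapeAll` are all hypothetical; the `escapeAll` fallback exists only so the harness can run offline and is not a replacement for a real sanitizer.

```javascript
// Added example (not part of the Apache Atlas PR): a regression harness that
// runs the payloads listed in the PR through a sanitizer function and flags
// any output that still carries executable markup. sanitize-html is loaded
// only if it is installed; any (html) => html function can be checked.

// The three payloads the PR reports testing by hand (copied from the PR text).
const PAYLOADS = [
  "<script>alert('xss')</script>",
  "<img src=x onerror=alert('xss')>",
  "<xmp><script>alert('xss')</script></xmp>",
];

// Raw-text elements whose contents are not parsed as HTML by the browser.
// The PR names xmp; extend this list if your sanitizer config differs.
const RAW_TEXT_TAGS = ['xmp'];

// Inspect a sanitizer's output and return a list of findings (empty = clean).
// These are deliberately simple pattern checks on the *output*, meant to catch
// a sanitizer that lets dangerous markup through, not to be a parser.
function findExecutableMarkup(output) {
  const findings = [];
  if (/<\s*script\b/i.test(output)) {
    findings.push('script tag survived');
  }
  // An on* attribute inside any tag, e.g. <img onerror=...>
  if (/<[^>]*\son[a-z]+\s*=/i.test(output)) {
    findings.push('event handler attribute survived');
  }
  // javascript: URLs in href/src attributes
  if (/<[^>]*\s(?:href|src)\s*=\s*["']?\s*javascript:/i.test(output)) {
    findings.push('javascript: URL survived');
  }
  const rawTag = new RegExp(`<\\s*(?:${RAW_TEXT_TAGS.join('|')})\\b`, 'i');
  if (rawTag.test(output)) {
    findings.push('raw-text element survived');
  }
  return findings;
}

// Run every payload through `sanitize` and collect the ones that fail.
// Each failure records the payload, the sanitizer output and the findings.
function runRegression(sanitize, payloads = PAYLOADS) {
  const failures = [];
  for (const payload of payloads) {
    const output = sanitize(payload);
    const findings = findExecutableMarkup(output);
    if (findings.length > 0) {
      failures.push({ payload, output, findings });
    }
  }
  return failures;
}

// Offline fallback used only to demonstrate the harness: escapes all markup.
// Safe, but it keeps no formatting, so it is not what the application uses.
function escapeAll(html) {
  return html.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Load sanitize-html if the project has it installed (assumption: CommonJS).
let sanitizeHtml = null;
try {
  sanitizeHtml = require('sanitize-html');
} catch (e) {
  sanitizeHtml = null;
}

// Stand-alone usage: report failures and exit non-zero so CI can gate on it.
if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module) {
  const sanitizer = sanitizeHtml ? (html) => sanitizeHtml(html) : escapeAll;
  const failures = runRegression(sanitizer);
  for (const f of failures) {
    console.log(`FAIL: ${f.payload}\n  output:   ${f.output}\n  findings: ${f.findings.join(', ')}`);
  }
  console.log(failures.length === 0 ? 'all payloads sanitized' : `${failures.length} payload(s) failed`);
  process.exitCode = failures.length === 0 ? 0 : 1;
}

module.exports = { PAYLOADS, RAW_TEXT_TAGS, findExecutableMarkup, runRegression, escapeAll };
```

Run it with `node` in the project after `npm install`; with `sanitize-html` present it checks the real dependency, so wiring it into the test step makes the next dependency bump fail loudly if a raw-text element or event handler attribute starts passing through again.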