
Run welcome message through DOMPurify before rendering it#1378

Merged
nscuro merged 1 commit into DependencyTrack:master from nscuro:welcome-message-dompurify
Nov 12, 2025

Conversation

@nscuro (Member) commented Nov 12, 2025

Description

Runs welcome message through DOMPurify before rendering it.

Addressed Issue

N/A

Additional Details

N/A

Checklist

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro added this to the 4.14.0 milestone Nov 12, 2025
Copilot AI review requested due to automatic review settings November 12, 2025 13:19
@nscuro nscuro added defect Something isn't working backport/4.13.6 PRs to be backported to version 4.13.6 labels Nov 12, 2025
@owasp-dt-bot commented

Snyk checks have passed. No issues have been found so far.

Status   Scanner                 Critical   High   Medium   Low   Total
passed   Open Source Security    0          0      0        0     0 issues


Copilot AI left a comment

Pull Request Overview

This PR adds XSS protection by sanitizing HTML content in welcome messages using DOMPurify before rendering them in the UI. This is a security enhancement that prevents potential cross-site scripting attacks through user-configurable HTML content.

  • Imported DOMPurify library in both Login and WelcomeMessage components
  • Sanitized welcome message content before rendering with v-html
  • Created a computed property in WelcomeMessage for sanitization to maintain separation of concerns

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File                                                         Description
src/views/pages/Login.vue                                    Imported DOMPurify and sanitized the welcome message during API response handling
src/views/administration/configuration/WelcomeMessage.vue    Imported DOMPurify, added computed property for sanitized message, and updated template to use sanitized version

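The pattern the review describes, shown as an added illustration rather than the project's own source: a Vue component that takes an administrator-configurable HTML welcome message, keeps the unsafe `v-html` binding only as a commented-out "before", and renders a DOMPurify-sanitized copy from a computed property. The component, prop and computed names are assumptions; only the DOMPurify calls are real library API.

```vue
<!-- Added example, not DependencyTrack's WelcomeMessage.vue. Names below are assumed. -->
<template>
  <div>
    <!-- Before: v-html injects whatever markup the API returned. Because the
         message is stored configuration, any script-bearing HTML placed there
         would run in every visitor's browser on the login page.
    <div v-html="welcomeMessage"></div>
    -->
    <!-- After: only the sanitized copy reaches v-html. The computed property
         re-evaluates whenever the raw message changes, so an unsanitized
         value cannot slip through a later refresh of the configuration. -->
    <div v-html="sanitizedWelcomeMessage"></div>
  </div>
</template>

<script>
import DOMPurify from 'dompurify';

export default {
  name: 'WelcomeMessage',
  props: {
    // Raw HTML as stored server-side (assumed prop name).
    welcomeMessage: { type: String, default: '' },
  },
  computed: {
    // Sanitize in a computed property rather than inline in the template:
    // one call per change, and the single place a reviewer has to check.
    sanitizedWelcomeMessage() {
      return DOMPurify.sanitize(this.welcomeMessage, {
        USE_PROFILES: { html: true }, // plain HTML only; no SVG/MathML content
        FORBID_TAGS: ['style'],        // a banner has no business shipping CSS
      });
    },
  },
};
</script>
```

Sanitizing at the API-response step, as the PR also does in Login.vue, removes the payload earlier; sanitizing again at render time is the guard that survives a future refactor that reads the message from somewhere else. DOMPurify needs a DOM, so a server-rendered build would have to supply one (for example via jsdom) before this component is evaluated.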

@nscuro nscuro merged commit 8fd757b into DependencyTrack:master Nov 12, 2025
16 checks passed
@nscuro nscuro deleted the welcome-message-dompurify branch November 12, 2025 13:26