[ui-cve]Upgrade sanitize-html to fix CVE-2024-21501 (#3769)

cloudera · Jun 28, 2024 · db70a86 · db70a86
1 parent 4cb7a52
commit db70a86
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 42 deletions.
diff --git a/desktop/core/src/desktop/js/utils/html/deXSS.ts b/desktop/core/src/desktop/js/utils/html/deXSS.ts
@@ -20,6 +20,10 @@ const deXSS = (str?: undefined | boolean | string | number | null, options?: IOp
   if (str === null) {
     return 'null';
   }
+  //Fix for sanitize HTML returns empty string for boolean false values.
+  if (typeof str === 'boolean') {
+    return str.toString();
+  }
   if (typeof str !== 'undefined') {
     return sanitizeHtml(str as string, options) || '';
   }

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -72,7 +72,7 @@
     "react-joyride": "2.7.0",
     "regenerator-runtime": "0.13.7",
     "removeNPMAbsolutePaths": "1.0.6",
-    "sanitize-html": "2.7.2",
+    "sanitize-html": "2.13.0",
     "select2": "4.0.13",
     "selectize-plugin-clear": "0.0.3",
     "sprintf-js": "1.1.2",
@@ -141,7 +141,7 @@
     "sass": "1.34.0",
     "sass-loader": "11.1.1",
     "snarkdown": "2.0.0",
-    "source-map-loader": "3.0.0",
+    "source-map-loader": "5.0.0",
     "style-loader": "2.0.0",
     "styled-components": "6.0.8",
     "stylelint": "14.3.0",