
Commit bb2aab5

committed
Address review
1 parent 0b88cb8 commit bb2aab5


3 files changed

+12
-9
lines changed

Lines changed: 3 additions & 2 deletions
@@ -1,2 +1,3 @@
1-
| sink1.xml:6:5:6:44 | content={path: '/input'} | The binding path `content={path: '/input'}` is an HTML injection sink. |
2-
| sink1.xml:8:5:8:73 | value={path: '/input'} | The binding path `value={path: '/input'}` is an HTML injection sink. |
1+
| sink1.xml:7:5:7:68 | content={path: '/input'} | The binding path `content={path: '/input'}` is an HTML injection sink. |
2+
| sink1.xml:8:5:8:44 | content={path: '/input'} | The binding path `content={path: '/input'}` is an HTML injection sink. |
3+
| sink1.xml:10:5:10:73 | value={path: '/input'} | The binding path `value={path: '/input'}` is an HTML injection sink. |

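--- a/javascript/frameworks/ui5/test/models/sink/sink.js
+++ b/javascript/frameworks/ui5/test/models/sink/sink.js
@@ -126,11 +126,11 @@ sap.ui.define(
 var value = sap.ui.core.util.File.save(code0, code1, "csv", "text/plain", code4, code5);
 var value = sap.ui.core.util.File.save(code0, code1, code2, code3, code4, code5);
 
-var obj = new HTML({ content: code0, sanitizeContent: true }); // FP
-var obj = new HTML({ content: code0, sanitizeContent: false });
+var obj = new HTML({ content: code0, sanitizeContent: true }); // SAFE: Content is sanitized
+var obj = new HTML({ content: code0, sanitizeContent: false }); // UNSAFE: Content is explicitly not sanitized
 
-var obj = new RichTextEditor({ value: code0 });
-var obj = new RichTextEditor({ value: code0, sanitizeValue: true });
-var obj = new RichTextEditor({ value: code0, sanitizeValue: false }); // FN
+var obj = new RichTextEditor({ value: code0 }); // SAFE: Content is sanitized by default
+var obj = new RichTextEditor({ value: code0, sanitizeValue: true }); // SAFE: Content is sanitized
+var obj = new RichTextEditor({ value: code0, sanitizeValue: false }); // UNSAFE: Content is explicitly not sanitized
 },
 );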
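Review bot: The dropped `// FP` and `// FN` markers on the `sanitizeContent: true` and `sanitizeValue: false` lines recorded which of these sinks the query currently classifies wrongly, and the new `SAFE`/`UNSAFE` comments only describe the intended semantics, so unless the query itself was fixed in the same change that test-status information is lost. Consider carrying both in the comment, e.g. `// UNSAFE: Content is explicitly not sanitized (currently FN)`, or stating in the commit message that the query now handles these cases. `// SAFE: Content is sanitized by default` on the bare `new RichTextEditor({ value: code0 })` line asserts a framework default that this test file cannot check on its own; the XML expectations in this commit are consistent with it, but a pointer to where that default is documented would help the next reader. The enclosing `sap.ui.define` callback starts before the hunk.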

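--- a/javascript/frameworks/ui5/test/models/sink/sink1.xml
+++ b/javascript/frameworks/ui5/test/models/sink/sink1.xml
@@ -3,8 +3,10 @@
 xmlns:core="sap.ui.core"
 xmlns:mvc="sap.ui.core.mvc"
 xmlns:rte="sap.ui.richtexteditor">
-<core:HTML content="{path: '/input'}"/> <!--XSS sink sap.ui.core.HTML.content -->
 <core:HTML content="{path: '/input'}" sanitizeContent="true"/> <!--sanitized XSS sink sap.ui.core.HTML.content -->
+<core:HTML content="{path: '/input'}" sanitizeContent="false"/> <!--XSS sink sap.ui.core.HTML.content -->
+<core:HTML content="{path: '/input'}"/> <!--XSS sink sap.ui.core.HTML.content -->
+<rte:RichTextEditor value="{path: '/input'}" sanitizeValue="true"/> <!--sanitized XSS sink sap.ui.core.HTML.content -->
 <rte:RichTextEditor value="{path: '/input'}" sanitizeValue="false"/> <!--XSS sink sap.ui.core.HTML.content -->
-<rte:RichTextEditor value="{path: '/input'}"/> <!--sanitized XSS sink sap.ui.core.HTML.content -->
+<rte:RichTextEditor value="{path: '/input'}"/> <!--default sanitized XSS sink sap.ui.core.HTML.content -->
 </mvc:View>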
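Review bot: The comments on the three `rte:RichTextEditor` lines (new lines 9–11) all name `sap.ui.core.HTML.content`, which looks copied from the `core:HTML` lines above; the property actually bound there is `value` on the RichTextEditor, so the comment should name that property instead, e.g. `<!--XSS sink sap.ui.richtexteditor.RichTextEditor.value -->` (using whatever qualified name the rest of this test suite uses for it). The expected-results file in this commit lists new line 10 (`sanitizeValue="false"`) as a sink and not line 11 (default), which matches the `default sanitized` wording, so only the property name in the comments is off. Since these comments are how a reader tells the sanitized and unsanitized cases apart, keeping them accurate matters for the test's readability.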
