[CVE] Change version of sanitize-html to 2.7.2 and handle null condit…

…ion for deXSS function (#3005) Co-authored-by: reshma <[email protected]> Co-authored-by: Harsh Gupta <[email protected]>
cloudera · Sep 22, 2022 · 8611218 · 8611218
1 parent f8ed919
commit 8611218
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 15 deletions.
diff --git a/desktop/core/src/desktop/js/utils/html/deXSS.ts b/desktop/core/src/desktop/js/utils/html/deXSS.ts
@@ -16,7 +16,14 @@
 
 import sanitizeHtml from 'sanitize-html';
 
-const deXSS = (str?: boolean | string | number | null): string =>
-  (typeof str !== 'undefined' && sanitizeHtml(str as string)) || '';
+const deXSS = (str?: boolean | string | number | null): string => {
+  if (str === null) {
+    return 'null';
+  }
+  if (typeof str !== 'undefined') {
+    return sanitizeHtml(str as string) || '';
+  }
+  return '';
+};
 
 export default deXSS;
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -64,7 +64,7 @@
     "react-dom": "^18.1.0",
     "regenerator-runtime": "^0.13.3",
     "removeNPMAbsolutePaths": "^1.0.4",
-    "sanitize-html": "^2.1.2",
+    "sanitize-html": "^2.7.2",
     "select2": "3.5.1",
     "selectize": "0.12.6",
     "selectize-plugin-clear": "0.0.3",