N°8205 - Security hardening

2026-04-19 16:48:42 +02:00 · 2025-05-20 09:48:00 +02:00
parent d72e861dfe
commit a5545b0084
1 changed files with 11 additions and 2 deletions
--- a/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/layout-table.html.twig
+++ b/datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/layout-table.html.twig
@@ -156,8 +156,17 @@
 		                        return row.attributes[attribute_code].sort_value;
 							},
 	                        filter: function (attribute_code, type, row) {
-                        		return $.text($.parseHTML(row.attributes[attribute_code]['value_html']));
-	                        },
+                                // Check if the attribute and value_html exist
+                                if (!row.attributes[attribute_code] || !row.attributes[attribute_code]['value_html']) {
+                                    return '';
+                                }
+
+                                // Create a temporary div outside the DOM to filter out XSS
+                                const tempDiv = document.createElement('div');
+                                tempDiv.textContent = row.attributes[attribute_code]['value_html'];
+
+                                return tempDiv.textContent;
+                            },
 						},
                    });
                }