[MGNLUI-7219] As a developer I want to provide grid columns with HTML support safely Created: 08/Jun/22  Updated: 18/Aug/22  Resolved: 28/Jun/22

Status: Closed
Project: Magnolia UI
Component/s: None
Affects Version/s: None
Fix Version/s: 6.3.0, 6.2.21

Type: Story Priority: Neutral
Reporter: Roman Kovařík Assignee: Roman Kovařík
Resolution: Fixed Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: 0.5d Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Issue Links:
dependency
supersession
supersedes PAGES-557 Empty node name when using illegal ch... Closed
Sub-Tasks:
Key Summary Type Status Assignee
MGNLUI-7222 Docu Sub-task Completed Roman Kovařík  
MGNLUI-7261 Code rw Sub-task Completed Adam Siska  
MGNLUI-7262 Preint QA Sub-task Completed Adam Siska  
MGNLUI-7267 Provide PR Sub-task Completed Roman Kovařík  
MGNLUI-7268 Write tests Sub-task Closed Roman Kovařík  
MGNLUI-7269 Port to master Sub-task Completed Roman Kovařík  
MGNLUI-7288 Docu r/v Sub-task Completed Martin Drápela  
MGNLUI-7290 QA Sub-task Completed Sang Ngo Huu  
MGNLUI-7301 Integrate docu PR Sub-task Completed Adam Siska  
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Epic Link: XSS in grid columns
Sprint: Nucleus 13
Story Points: 3
Team: Nucleus

 Description   

Provide an AbstractSafeHtmlColumnDefinition that:

    • Uses a SafeHtmlColumnRenderer which extends HtmlColumnRenderer (so HtmlCleaningRenderer is not used, as the developer is responsible for providing escaped values for this column)
    • Provides an AbstractValueProvider with an escape method which is consistently used across all apps (so we can fix/change the escape impl globally)

Improve https://docs.magnolia-cms.com/product-docs/6.2/Apps/App-configuration/Column-definition.html and document AbstractSafeHtmlColumnDefinition.


Generated at Mon Feb 12 09:44:13 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.