Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

System doesn't filter out and do execute html tags and javascript in custom query feature text #3843

Closed
AlexeyGirin opened this issue Jan 5, 2024 · 2 comments · Fixed by #4567 or #4579
Closed

System doesn't filter out and do execute html tags and javascript in custom query feature text #3843

AlexeyGirin opened this issue Jan 5, 2024 · 2 comments · Fixed by #4567 or #4579
Assignees
@ilya-asiyuk-epam
Labels
bug Priority: High
Milestone
Ketcher 2.21.0-rc.2

Comments

@AlexeyGirin
Copy link
Collaborator

AlexeyGirin commented Jan 5, 2024
edited
Loading

Steps to Reproduce
Case 1:

  1. Load molecule from file: HTML and JS injections.zip (unzip first)
  2. Hover mouse over bond or atom

Actual behavior
System shows tooltip with bold and italic text (i.e. execute html tags) and execute javascript code
image

Expected behavior
No execution of code, no execution of html tags

Case 2:

  1. Load molecule from file: ketcher_html_injection_example.zip (unzip first)
  2. Hover mouse over bond or atom

Actual behavior
System shows tooltip with bold and italic text (i.e. execute html tags) and execute javascript code
image

Expected behavior
No execution of code, no execution of html tags

Issue found while testing epam/Indigo#1446

Desktop (please complete the following information):

  • OS: Win10
  • Browser Chrome Version 120.0.6099.130 (Official Build) (64-bit)

Ketcher version [e.g. v2.4.2].
Ketcher Version 2.15.0-rc.4 Build at 2023-10-25; 14:15:43
Indigo Toolkit Version 1.18.0-dev.2.0-g369c82f8c-x86_64-linux-gnu-11.4.0
@AlexeyGirin AlexeyGirin added this to the Macromolecules Milestone 5 milestone Jan 5, 2024
@AlexeyGirin
Copy link
Collaborator Author

To @rrodionov91

@ilya-asiyuk-epam ilya-asiyuk-epam self-assigned this May 1, 2024
ilya-asiyuk-epam added a commit that referenced this issue May 2, 2024
@ilya-asiyuk-epam
#3843 - System doesn't filter out and do execute html tags and javasc…
506ae5e 
…ript in custom query feature text
@ilya-asiyuk-epam ilya-asiyuk-epam linked a pull request May 2, 2024 that will close this issue
#3843 - System doesn't filter out and do execute html tags and javascript in custom query feature text #4567
Merged
9 tasks
ilya-asiyuk-epam added a commit that referenced this issue May 2, 2024
@ilya-asiyuk-epam
#3843 - System doesn't filter out and do execute html tags and javasc…
85e6835 
…ript in custom query feature text
ilya-asiyuk-epam added a commit that referenced this issue May 2, 2024
@ilya-asiyuk-epam
Merge pull request #4567 from epam/3843-system-doesnot-filter-out-and…
7cdc61c 
…-do-execute-html-tags-and-javascript-in-custom-query-feature-text

#3843 - System doesn't filter out and do execute html tags and javascript in custom query feature text
ilya-asiyuk-epam added a commit that referenced this issue May 6, 2024
@ilya-asiyuk-epam
Backmerge: #3843 - System doesn't filter out and do execute html tags…
7c8c437 
… and javascript in custom query feature text
@ilya-asiyuk-epam ilya-asiyuk-epam linked a pull request May 7, 2024 that will close this issue
Backmerge: #3843 - System doesn't filter out and do execute html tags and javascript in custom query feature text #4579
Merged
9 tasks
AlexanderSavelyev pushed a commit that referenced this issue May 7, 2024
@ilya-asiyuk-epam
Backmerge: #3843 - System doesn't filter out and do execute html tags…
1ae7c45 
… and javascript in custom query feature text (#4579)
@AlexeyGirin
Copy link
Collaborator Author

AlexeyGirin commented May 7, 2024
edited
Loading

Verified.

  • Windows 10
  • Chrome Version Version 124.0.6367.119 (Official Build) (64-bit)
  • Ketcher Version 2.21.0-rc.2 Build at 2024-05-07; 12:32:44
  • Indigo Toolkit Version 1.20.0-rc.2.0-g111a89f35-wasm32-wasm-clang-12.0.0
    image image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ilya-asiyuk-epam ilya-asiyuk-epam

Labels
bug Priority: High
Projects
Ketcher
Status: Done
Milestone
Ketcher 2.21.0-rc.2
5 participants
@rrodionov91 @AlexeyGirin @Konstantin1996 @Nitvex @ilya-asiyuk-epam