21026: sanitized banner and reworked banner.html to accommodate files Arvados-DCO...
authorLisa Knox <lisaknox83@gmail.com>
Wed, 18 Oct 2023 20:10:42 +0000 (16:10 -0400)
committerLisa Knox <lisaknox83@gmail.com>
Wed, 18 Oct 2023 20:10:42 +0000 (16:10 -0400)
src/common/html-sanitize.ts
src/views-components/baner/banner.tsx

index 93ebfaa2efee8fa3ff5dcbcb33b28fd8096ad4de..79ed93495842af2cf76351aa23d1e316ebfae21d 100644 (file)
@@ -41,9 +41,11 @@ const domPurifyConfig: TDomPurifyConfig = {
         'sub',
         'sup',
         'ul',
+        'span',
+        'section'
     ],
     ALLOWED_ATTR: ['src', 'width', 'height', 'href', 'alt', 'title', 'style' ],
 };
 
-export const sanitizeHTML = (dirtyInput: string): string => DOMPurify.sanitize(dirtyInput, domPurifyConfig);
+export const sanitizeHTML = (dirtyString: string): string => DOMPurify.sanitize(dirtyString, domPurifyConfig);
 
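Review bot: `'style'` in ALLOWED_ATTR, kept as context right below the two added tags, means sanitizeHTML still passes arbitrary inline CSS through; DOMPurify removes script-bearing markup but, as far as I know, does not filter CSS values, so a banner author can still inject fixed-position overlays or external `url(...)` references into the dialog. If banner content is only ever written by a cluster administrator that is an acceptable trade-off, but the assumption belongs on the export, e.g. a TSDoc comment on `sanitizeHTML` such as `/** Strips scripts and event handlers from banner HTML; the tags/attrs above, including inline style, pass through, so the result is safe against XSS but not against CSS-based UI tampering — treat input as admin-authored. */`. A trailing comma after `'section'` would also match the surrounding entries.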
index 7e39186c09f8d852f7868ed26579dd0a4e619eba..ac5b89439cfa10e1505b879c099b732b12d97f35 100644 (file)
@@ -10,6 +10,7 @@ import bannerActions from "store/banner/banner-action";
 import { ArvadosTheme } from "common/custom-theme";
 import servicesProvider from "common/service-provider";
 import { Dispatch } from "redux";
+import { sanitizeHTML } from "common/html-sanitize";
 
 type CssRules = "dialogContent" | "dialogContentIframe";
 
@@ -92,7 +93,7 @@ export const BannerComponent = (props: BannerComponentProps) => {
         >
             <div data-cy="confirmation-dialog">
                 <DialogContent className={props.classes.dialogContent}>
-                    <div dangerouslySetInnerHTML={{ __html: bannerContents }}></div>
+                    <div dangerouslySetInnerHTML={{ __html: sanitizeHTML(bannerContents) }}></div>
                 </DialogContent>
                 <DialogActions style={{ margin: "0px 24px 24px" }}>
                     <Button
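Review bot: `sanitizeHTML(bannerContents)` on the replaced line runs DOMPurify on every render of BannerComponent, whose definition starts before this hunk; sanitizing at the `dangerouslySetInnerHTML` sink is the right boundary, but the call is pure and can be memoized so re-renders caused by unrelated props do not re-parse the banner, e.g. `const safeBannerHtml = useMemo(() => sanitizeHTML(bannerContents), [bannerContents]);` above the JSX (assuming `useMemo` is imported from react, which the hunk does not show). A short comment at the sink, `{/* bannerContents is not authored here; sanitizeHTML must stay between it and the DOM */}`, would tell the next maintainer why the call must not be dropped.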