Closed B3EF closed 3 years ago
Thanks @B3EF. For the first report see https://github.com/netlify/netlify-cms/issues/4099 and https://github.com/netlify/netlify-cms/blob/dbf2920254fb3682e12463a6df8ded4b94b55be0/packages/netlify-cms-widget-markdown/src/MarkdownPreview.js#L21
Looking into the other ones.
Hi @erezrokah, the PR #4099 seems to have fixed it, but lately, while I was testing in the new one, it seems to be popping up alerts for objects other than custom strings in the alert box.
Are you setting the sanitize_preview configuration for the markdown field?
Yes, I have tried changing the preview from rich text to md; then the alert also pops up.
Can you share your config.yml?
Yes, you are right, it seems like I haven't set sanitize_preview in the config.yml file. How can I add it? Is there any syntax to be followed, like sanitize_preview: true?
On your markdown field add sanitize_preview: true
e.g.
- { label: 'Body', name: 'body', widget: 'markdown', sanitize_preview: true }
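For context, here is what that field looks like inside a complete config.yml. This is an added example, not the project's dev-test config or anything posted in this thread; the backend, collection name, folder and other fields are assumed placeholders. The only security-relevant line is the one on the markdown widget: without sanitize_preview: true the markdown preview pane renders the entry's raw HTML as-is, which is what produced the alert boxes discussed above.

```yaml
# Added example config.yml (assumed values throughout, not the project's own file)
backend:
  name: git-gateway
  branch: main

media_folder: static/img
public_folder: /img

collections:
  - name: blog          # assumed collection name
    label: Blog
    folder: content/blog
    create: true
    fields:
      - { label: 'Title', name: 'title', widget: 'string' }
      - { label: 'Publish Date', name: 'date', widget: 'datetime' }
      # Weak default: omitting sanitize_preview (or setting it to false)
      # lets raw HTML in the markdown body render unsanitized in the preview pane.
      # Hardened: sanitize the preview output.
      - { label: 'Body', name: 'body', widget: 'markdown', sanitize_preview: true }
```

The option is per field, so every markdown widget that may receive untrusted content needs it; setting it on one collection does not cover the others.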
Is your demo site configured with sanitize_preview true? Because I am getting a pop-up in that.
No it's not - see https://github.com/netlify/netlify-cms/blob/b94d5f6e7fe07a2816098b377b30a4ddd39c9520/dev-test/config.yml
Then you are right, it was a mistake from my side. Thanks for your time.
I will close the first report, or you can invalidate it. Cheers 👍🏻
Have you checked the other ones?
Thanks!
I've passed them to our security team for further analysis. I'll add my thoughts on the specific reports too.
Hi @erezrokah, huntr has reduced the severity level for both.
Hi, any updates?
Hi @B3EF, sorry for the delay. I was out of office for a few days. I'll follow up this week.
No problem, take your time.
Closing per my latest comments on huntr.
Reports at Huntr: report 1, report 2, report 3