diff --git a/CHANGELOG.rst b/CHANGELOG.rst index da77c0c35..635d40ac2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -17,6 +17,7 @@ Changed Reported by @cded from @Bitovi + Fixed ~~~~~ * Fixed CircleCI tests @@ -27,6 +28,10 @@ Fixed Contributed by @luislobo +* Escaped text in notifications. #990 + + Contributed by @cded from @Bitovi + v2.4.3 ------ diff --git a/Dockerfile b/Dockerfile index fe31ee43c..846e7af6e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:14.20.0 +FROM node:14.20.1 # Create app directory WORKDIR /opt/stackstorm/static/webui/st2web diff --git a/Dockerfile-dev b/Dockerfile-dev index c47aabdc6..a54783c3f 100644 --- a/Dockerfile-dev +++ b/Dockerfile-dev @@ -1,4 +1,4 @@ -FROM node:14.20.0 +FROM node:14.20.1 # Create app directory WORKDIR /opt/stackstorm/static/webui/st2web diff --git a/Dockerfile-nginx b/Dockerfile-nginx index dd2660d1d..b70a09312 100644 --- a/Dockerfile-nginx +++ b/Dockerfile-nginx @@ -1,4 +1,4 @@ -FROM node:14.20.0 as build +FROM node:14.20.1 as build # Create app directory WORKDIR /opt/stackstorm/static/webui/st2web diff --git a/Dockerfile-nginx-dev b/Dockerfile-nginx-dev index 93ddc2a29..3d59b9ac4 100644 --- a/Dockerfile-nginx-dev +++ b/Dockerfile-nginx-dev @@ -1,4 +1,4 @@ -FROM node:14.20.0 as build +FROM node:14.20.1 as build # Create app directory WORKDIR /opt/stackstorm/static/webui/st2web diff --git a/modules/st2-notification/notification.js b/modules/st2-notification/notification.js index 4dedd0574..783fb32da 100644 --- a/modules/st2-notification/notification.js +++ b/modules/st2-notification/notification.js @@ -11,6 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. +const escapeHtml = require('escape-html'); const Noty = (function() { // don't include this during testing 
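Review bot: The added `const escapeHtml = require('escape-html');` is CommonJS in a file that otherwise uses ES module syntax (`export class Notification` is visible in the next hunk). `import escapeHtml from 'escape-html';` would match the rest of the module, provided the bundler resolves the default export as it does for the file's other imports. The part of the diff shown here does not touch a package manifest, so confirm that `escape-html` is declared as a direct dependency of this module and is not only resolved through a transitive install. The `Noty` initializer that follows continues outside the hunk.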
@@ -43,6 +44,7 @@ export class Notification {
 }
 notify(type, text, { buttons = [], err, execution_id, ...options } = {}) {
+ text = escapeHtml(text);
 if (err) {
 let expanded = !!execution_id;
 let stack = null;
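Review bot: Escaping only `text` on the first line of `notify` does not cover anything the `if (err)` branch appends afterwards. That branch continues outside the hunk, so this is inferred, but if it concatenates `err`-derived values (the `stack` variable declared here, or a server fault message) into the notification markup, each one needs its own `escapeHtml(...)` at the point of concatenation. The call also turns a missing `text` into the literal string `undefined`, because escape-html stringifies its argument; `text = text == null ? '' : escapeHtml(text);` avoids that. Callers that intentionally passed markup will now see it rendered literally, so the method should carry a comment such as `// text is treated as plain text and HTML-escaped; do not pass markup`.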