ms-rest-js icon indicating copy to clipboard operation
ms-rest-js copied to clipboard

Published 20 hours ago verified publisher icon Azure

SecurityType requirement from DomParser directly

Open Czhang0727 opened this issue 3 years ago • 2 comments

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] As Office org is moving to SecurityType, we are not allow to use DOMParser directly. https://github.com/Azure/ms-rest-js/blob/23475a899c66d74d15d92c1a02bb9d0f7315d0a3/lib/util/xml.browser.ts#L19

Please consider move to SecurityTypeDomParser to avoid HTML inject.

Describe the solution you'd like A clear and concise description of what you want to happen.

You can find some option here: https://dev.azure.com/domoreexp/Teamspace/_wiki/wikis/NorthStar%20Docs/23760/trusted-types

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

Czhang0727 avatar Jun 20 '22 16:06 Czhang0727

@Czhang0727 thanks for reporting this issue! Could you please tell us how you are using ms-rest-js? as a direct dependency, or indirectly via other packages?

jeremymeng avatar Jul 05 '22 23:07 jeremymeng

@Czhang0727 and do you have a link to the SecurityTypeDomParser mentioned above?

jeremymeng avatar Jul 05 '22 23:07 jeremymeng

It appear this issue is the same as one in azure-sdk-for-js which was resolved in PR: 13382

dayday8421 avatar Oct 13 '22 16:10 dayday8421

This has been addressed by #471

jeremymeng avatar Oct 13 '22 16:10 jeremymeng