sanitize version param

dbt-labs · Aug 2, 2024 · cf889f6 · cf889f6
1 parent c93cc51
commit cf889f6
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/website/src/stores/VersionContext.js b/website/src/stores/VersionContext.js
@@ -1,5 +1,6 @@
 import React, { useState, useEffect, createContext } from "react"
 import { versions } from '../../dbt-versions'
+import sanitizeHtml from "sanitize-html";
 
 const lastReleasedVersion = versions && versions.find(ver => ver.version && ver.version != "" && !ver.isPrerelease);
 
@@ -19,7 +20,10 @@ export const VersionContextProvider = ({ value = "", children }) => {
     const storageVersion = window.localStorage.getItem('dbtVersion')
     const { search } = window.location
     const urlParams = new URLSearchParams(search);
-    const versionParam = urlParams.get('version')
+    const originalVersionParam = urlParams.get('version')
+
+    // Sanitize version param
+    const versionParam = sanitizeHtml(originalVersionParam);
 
     if(versionParam && versions.find(ver => ver?.version && ver.version === versionParam)) {
       {/*