start budibase cleanup, chronograf finish env content, component fix …

…codeql warning
goauthentik · Feb 1, 2025 · 92277ee · 92277ee
1 parent e671a83
commit 92277ee
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 15 deletions.
diff --git a/website/integrations/services/budibase/index.md b/website/integrations/services/budibase/index.md
@@ -24,14 +24,21 @@ The following placeholders are used in this guide:
 This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
 :::
 
-Create an application in authentik. Create an OAuth2/OpenID provider with the following parameters:
+## authentik configuration
 
-- Client Type: `Confidential`
-- Scopes: OpenID, Email and Profile
-- Signing Key: Select any available key
-- Redirect URIs: `https://budibase.company/api/global/auth/oidc/callback`
+To support the integration of Budibase with authentik, you need to create an application/provider pair in authentik.
 
-Note the Client ID and Client Secret values. Create an application, using the provider you've created above.
+**Create an application and provider in authentik**
+
+In the authentik Admin Interface, navigate to **Applications** > **Applications** and click **[Create with Provider](/docs/add-secure-apps/applications/manage_apps#add-new-applications)** to create an application and provider pair. (Alternatively you can create only an application, without a provider, by clicking **Create**.)
+
+- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
+- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
+- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
+    - Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
+    - Set a `Strict` redirect URI to <kbd>https://<em>budibase.company</em>/api/global/auth/oidc/callback/</kbd>.
+    - Select any available signing key.
+- **Configure Bindings** _(optional):_ you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user’s **My applications** page.
 
 ## Budibase
 

diff --git a/website/integrations/services/chronograf/index.mdx b/website/integrations/services/chronograf/index.mdx
@@ -56,13 +56,13 @@ PUBLIC_URL=https://<em>chronograf.company</em>
 TOKEN_SECRET=<em>Your random secret</em>
 JWKS_URL=https://<em>authentik.company</em>/application/o/<em>your-application-slug</em>/jwks/
 GENERIC_NAME=authentik
-GENERIC_CLIENT_ID=<client-id>
-GENERIC_CLIENT_SECRET=<client-secret>
+GENERIC_CLIENT_ID=<em>Your Client ID</em>
+GENERIC_CLIENT_SECRET=<em>Your Client Secret</em>
 GENERIC_SCOPES=email,profile,openid
-GENERIC_DOMAINS=authentik.company
-GENERIC_AUTH_URL=https://authentik.company/application/o/authorize/
-GENERIC_TOKEN_URL=https://authentik.company/application/o/token/
-GENERIC_API_URL=https://authentik.company/application/o/userinfo/
+GENERIC_DOMAINS=<em>authentik.company</em>
+GENERIC_AUTH_URL=https://<em>authentik.company</em>/application/o/authorize/
+GENERIC_TOKEN_URL=https://<em>authentik.company</em>/application/o/token/
+GENERIC_API_URL=https://<em>authentik.company</em>/application/o/userinfo/
 GENERIC_API_KEY=email
 USE_ID_TOKEN=true
 `}

diff --git a/website/src/components/Integrations/IntegrationsCodeblock.tsx b/website/src/components/Integrations/IntegrationsCodeblock.tsx
@@ -12,6 +12,8 @@ type CopyButtonState = {
 
 type ContentProcessor = (children: ReactNode) => string;
 
+const allowedTags = ["em", "code", "pre"];
+
 const IntegrationsMultilineCodeblock: React.FC<
     IntegrationsMultilineCodeblockProps
 > = ({ children, className = "" }) => {
@@ -35,8 +37,18 @@ const IntegrationsMultilineCodeblock: React.FC<
 
     const processContent: ContentProcessor = (children) => {
         const text = getTextContent(children);
-        const textWithoutTags = text.replace(/<[^>]+>/g, "");
-        return textWithoutTags.replace(/\n\s+/g, "\n").trim();
+
+        const sanitizedText = text.replace(
+            /<\/?([a-z][a-z0-9]*)\b[^>]*>/gi,
+            (match, tag) => {
+                if (allowedTags.includes(tag.toLowerCase())) {
+                    return match;
+                }
+                return "";
+            },
+        );
+
+        return sanitizedText.replace(/\n\s+/g, "\n").trim();
     };
 
     const content: string = processContent(children);
@@ -76,7 +88,7 @@ const IntegrationsMultilineCodeblock: React.FC<
             {typeof children === "string" ? (
                 <code
                     className="integration-codeblock__content"
-                    dangerouslySetInnerHTML={{ __html: children }}
+                    dangerouslySetInnerHTML={{ __html: content }}
                 />
             ) : (
                 <code className="integration-codeblock__content">