Merge branch '439865-sanitise-field-error' into 'master'

Sanitise gl_field_error error message See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144948 Merged-by: Ankit Panchal <apanchal@gitlab.com> Approved-by: Serhii Yarynovskyi <syarynovskyi@gitlab.com> Approved-by: Ankit Panchal <apanchal@gitlab.com> Reviewed-by: Ankit Panchal <apanchal@gitlab.com> Co-authored-by: sdejonge <sdejonge@gitlab.com>

Merge branch '439865-sanitise-field-error' into 'master'
cfce3cdc · Ankit Panchal · GitLab · 4cfe840e · 9efaaa53 · cfce3cdc
--- a/app/assets/javascripts/gl_field_error.js
+++ b/app/assets/javascripts/gl_field_error.js
 import $ from 'jquery';
+import { sanitize } from '~/lib/dompurify';
 import { __ } from '~/locale';

 /**
@@ -64,7 +65,9 @@ export default class GlFieldError {
    this.inputDomElement = this.inputElement.get(0);
    this.form = formErrors;
    this.errorMessage = this.inputElement.attr('title') || __('This field is required.');
-    this.fieldErrorElement = $(`<p class='${errorMessageClass} hidden'>${this.errorMessage}</p>`);
+    this.fieldErrorElement = $(
+      `<p class='${errorMessageClass} hidden'>${sanitize(this.errorMessage)}</p>`,
+    );

    this.state = {
      valid: false,