Closed
Description
Request Type
Bug
Work Environment
Any
Problem Description
TheHive uses an open source Angular library to display notification toasts: https://github.com/alexcrack/angular-ui-notification
This library introduces an XSS vulnerability, since it trusts the messages to be displayed, as HTML.
An issue is still open to fix this vulnerability.
In the meantime, we will make sure to sanitize the content we display in notification toasts.
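One way to sanitize toast content before it reaches a notifier that renders HTML, as an added example that is not TheHive's or the library's code. The names `escapeHtml`, `sanitizeArgs` and `wrapNotifier` are hypothetical, the recording notifier is a constructed stand-in for the toast service, and treating `message` and `title` as the HTML-rendered fields is an assumption.

```javascript
// Added example: escape untrusted text before handing it to a toast
// service that renders its message as HTML.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;'
};

// Single-pass replacement, so '&' produced by one escape is never re-escaped.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumption: these are the fields the toast template renders as markup.
const TEXT_FIELDS = ['message', 'title'];

// Accepts both call shapes: a bare string, or an options object.
function sanitizeArgs(args) {
  if (args === null || args === undefined) return args;
  if (typeof args !== 'object') return escapeHtml(args);
  const clean = Object.assign({}, args); // do not mutate the caller's object
  for (const field of TEXT_FIELDS) {
    if (clean[field] !== undefined && clean[field] !== null) {
      clean[field] = escapeHtml(clean[field]);
    }
  }
  return clean;
}

const LEVELS = ['primary', 'info', 'success', 'warning', 'error'];

// Returns a notifier with the same call surface whose text is always escaped.
function wrapNotifier(notifier) {
  const safe = (args) => notifier(sanitizeArgs(args));
  for (const level of LEVELS) {
    safe[level] = (args) => notifier[level](sanitizeArgs(args));
  }
  return safe;
}

// Constructed stand-in for the toast service: records what it would render.
function makeRecordingNotifier() {
  const calls = [];
  const notifier = (args) => { calls.push({ level: 'primary', args }); };
  for (const level of LEVELS) {
    notifier[level] = (args) => { calls.push({ level, args }); };
  }
  notifier.calls = calls;
  return notifier;
}
```

Routing every toast through the wrapper keeps the escaping in one place; text that was already escaped upstream will display double-encoded, so escape only at this boundary.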