Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential fix for code scanning alert no. 4: Stored cross-site scripting #64

Merged
merged 4 commits into from
Jan 26, 2025
Merged

Potential fix for code scanning alert no. 4: Stored cross-site scripting #64

merged 4 commits into from
Jan 26, 2025

Conversation

wilsonneto-dev
Copy link
Member

Potential fix for https://github.com/craft-code-club/blog-c3/security/code-scanning/4

To fix the stored cross-site scripting vulnerability, we need to ensure that the post.id value is properly sanitized before being used in the href attribute of the Link component. The best way to achieve this is by using a library that provides HTML escaping functionality to prevent XSS attacks.

We will use the escape-html library to escape the post.id value before using it in the href attribute. This will ensure that any special characters in the post.id value are properly escaped, preventing XSS attacks.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@wilsonneto-dev @github-advanced-security
Potential fix for code scanning alert no. 4: Stored cross-site scripting
e400d24 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Jan 25, 2025
edited
Loading

Deploying blog-c3 with  Cloudflare Pages  Cloudflare Pages

Latest commit: e400d24
Status:🚫  Build failed.

View logs

@github-actions GitHub Actions
Copy link

🚀 Preview Url 🚀

https://6e163efc.blog-c3.pages.dev

@NelsonBN NelsonBN marked this pull request as ready for review January 26, 2025 04:14
@NelsonBN NelsonBN requested a review from a team as a code owner January 26, 2025 04:14
NelsonBN
NelsonBN approved these changes Jan 26, 2025
View reviewed changes
Copy link
Member

@NelsonBN NelsonBN left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@NelsonBN NelsonBN merged commit 24ef1f4 into main Jan 26, 2025
4 checks passed
@NelsonBN NelsonBN deleted the sec-fix/cross-site-post-url branch January 26, 2025 04:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NelsonBN NelsonBN NelsonBN approved these changes

@giovannymassuia giovannymassuia giovannymassuia approved these changes

@matheusses matheusses Awaiting requested review from matheusses matheusses is a code owner automatically assigned from craft-code-club/c3-admins

@marcelfernandes marcelfernandes Awaiting requested review from marcelfernandes marcelfernandes is a code owner automatically assigned from craft-code-club/c3-admins

@CristianoRC CristianoRC Awaiting requested review from CristianoRC CristianoRC is a code owner automatically assigned from craft-code-club/c3-admins

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wilsonneto-dev @NelsonBN @giovannymassuia