Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential fix for code scanning alert no. 1: Stored cross-site scripting #74

Merged
merged 1 commit into from
Jan 26, 2025
Merged

Potential fix for code scanning alert no. 1: Stored cross-site scripting #74

merged 1 commit into from
Jan 26, 2025

Conversation

NelsonBN
Copy link
Member

Potential fix for https://github.com/craft-code-club/blog-c3/security/code-scanning/1

To fix the stored cross-site scripting vulnerability, we need to ensure that the id used in the href attribute of the Link component is properly sanitized. The best way to fix this issue is to use a library that provides URL encoding to ensure that any potentially harmful characters are escaped.

We will use the encodeURIComponent function to sanitize the id before using it in the href attribute. This function encodes a URI component by replacing each instance of certain characters with one, two, or three escape sequences representing the UTF-8 encoding of the character.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@NelsonBN @github-advanced-security
Potential fix for code scanning alert no. 1: Stored cross-site scripting
0bdf754 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@github-actions GitHub Actions
Copy link

🚀 Preview Url 🚀

https://e41194af.blog-c3.pages.dev

@NelsonBN NelsonBN marked this pull request as ready for review January 26, 2025 04:24
@NelsonBN NelsonBN requested a review from a team as a code owner January 26, 2025 04:24
@NelsonBN NelsonBN merged commit a79cad0 into main Jan 26, 2025
4 checks passed
@NelsonBN NelsonBN deleted the alert-autofix-1 branch January 26, 2025 04:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@giovannymassuia giovannymassuia giovannymassuia approved these changes

@matheusses matheusses Awaiting requested review from matheusses matheusses is a code owner automatically assigned from craft-code-club/c3-admins

@marcelfernandes marcelfernandes Awaiting requested review from marcelfernandes marcelfernandes is a code owner automatically assigned from craft-code-club/c3-admins

@CristianoRC CristianoRC Awaiting requested review from CristianoRC CristianoRC is a code owner automatically assigned from craft-code-club/c3-admins

@wilsonneto-dev wilsonneto-dev Awaiting requested review from wilsonneto-dev wilsonneto-dev is a code owner automatically assigned from craft-code-club/c3-admins

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@NelsonBN @giovannymassuia