-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dev #24
Conversation
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
const { data } = this.props | ||
const { contact } = data | ||
const pattern = conversationLinkPattern(data) | ||
return pattern.replace('*', contact) |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 26 days ago
To fix the problem, we need to ensure that all occurrences of the asterisk (*
) in the pattern
string are replaced with the contact
value. This can be achieved by using a regular expression with the global flag (g
). This change will ensure that every instance of *
in the pattern
is replaced, not just the first one.
-
Copy modified line R41
@@ -40,3 +40,3 @@ | ||
const pattern = conversationLinkPattern(data) | ||
return pattern.replace('*', contact) | ||
return pattern.replace(/\*/g, contact) | ||
} |
const { closeMe } = this.props | ||
if (closeMe) closeMe() | ||
if (redirectAfter) { | ||
window.location.href = '/' + data.name |
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium
DOM text
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 26 days ago
To fix the problem, we need to ensure that the data.name
value is properly sanitized or encoded before it is used in the URL assignment. This can be achieved by using a library that provides encoding functions to escape any potentially dangerous characters in the data.name
value.
The best way to fix this issue without changing existing functionality is to use the encodeURIComponent
function, which encodes a URI component by escaping special characters. This will ensure that any potentially dangerous characters in data.name
are safely encoded before being used in the URL.
-
Copy modified line R171
@@ -170,3 +170,3 @@ | ||
if (redirectAfter) { | ||
window.location.href = '/' + data.name | ||
window.location.href = '/' + encodeURIComponent(data.name) | ||
return |
No description provided.