Escape special chars #3206

Merged
merged 2 commits into from
Oct 7, 2019

@patphongs (Member) commented Sep 27, 2019

codecov-io commented Sep 27, 2019

Codecov Report

Merging #3206 into develop will increase coverage by <.01%.
The diff coverage is 100%.

@@             Coverage Diff             @@
##           develop    #3206      +/-   ##
===========================================
+ Coverage     74.6%   74.61%   +<.01%     
===========================================
  Files          120      120              
  Lines         7160     7162       +2     
  Branches       633      633              
===========================================
+ Hits          5342     5344       +2     
  Misses        1818     1818
| Impacted Files | Coverage Δ |
|---|---|
| fec/fec/static/js/modules/filters/text-filter.js | 98.3% <ø> (ø) ⬆️ |
| .../fec/static/js/modules/filters/typeahead-filter.js | 37.14% <100%> (+1.84%) ⬆️ |
| fec/fec/static/js/modules/filters/filter-base.js | 95.45% <100%> (+0.05%) ⬆️ |
| .../fec/static/js/modules/filters/filter-typeahead.js | 73.88% <100%> (ø) ⬆️ |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data

Last update eb62944...45d26c7.

@patphongs requested a review from lbeaufort October 2, 2019 05:02

@rfultz (Contributor) left a comment:

I commented with screenshots

@johnnyporkchops (Contributor) left a comment:

Tried several OWASP evasion techniques and did not find any issues. Also the typeahead seems to work fine now to escape.

@rfultz (Contributor) left a comment:

Looks good—thanks for untangling this!

@lbeaufort (Member) left a comment:

Great work, @patphongs! I tested several datatables and they look good to me.

@lbeaufort merged commit 6163c06 into develop Oct 7, 2019

@lbeaufort deleted the feature/213-escape-chars branch October 7, 2019 15:49