Remove console.warn(response) to prevent potential malicious output t… #37256

Merged
merged 1 commit into from
Apr 15, 2020

Conversation

DeepDiver1975
Member

@DeepDiver1975 DeepDiver1975 commented Apr 14, 2020

…o the browser console.

Description

Unescaped output to the browser console leads to log forging.

Motivation and Context

Apply best sec practice ...

How Has This Been Tested?

  • 🚫

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE
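
An added example, not part of this pull request or the project's code: where a response still has to be logged for debugging instead of being dropped as this PR does, the untrusted text can be escaped and passed as an argument to a constant format string so it cannot forge extra console lines. The names `sanitizeForLog`, `safeWarn` and `MAX_LOG_LENGTH`, the 200-character cap and the sample response are assumptions made for illustration.

```javascript
// Added example; sanitizeForLog, safeWarn and MAX_LOG_LENGTH are hypothetical names.
const MAX_LOG_LENGTH = 200; // assumed cap on logged untrusted text

// Characters JSON.stringify leaves unescaped but that can still alter how a
// log line renders: DEL, C1 controls, Unicode line separators, bidi controls.
const UNSAFE = /[\u007f-\u009f\u2028\u2029\u202a-\u202e\u2066-\u2069]/g;

function sanitizeForLog(value, maxLength = MAX_LOG_LENGTH) {
  let text;
  try {
    // Quotes strings and escapes CR, LF, ESC, double quotes and backslashes.
    text = JSON.stringify(value);
  } catch (e) {
    text = undefined; // circular structure, BigInt, ...
  }
  // undefined, functions and unserialisable values fall back to String().
  if (text === undefined) text = JSON.stringify(String(value));
  const escaped = text.replace(UNSAFE, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
  return escaped.length > maxLength
    ? escaped.slice(0, maxLength) + '...[truncated]'
    : escaped;
}

function safeWarn(logger, label, untrusted) {
  // The format string is a constant: untrusted text is never the first
  // argument, so %c / %s directives inside it are not interpreted.
  logger.warn('%s: %s', label, sanitizeForLog(untrusted));
}

// Constructed sample: a server response carrying an embedded fake log line.
const constructedResponse = {
  status: 500,
  message: 'failed\n[INFO] user admin logged in',
};
safeWarn(console, 'tag request failed', constructedResponse);
```
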

@update-docs

update-docs bot commented Apr 14, 2020

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@DeepDiver1975 DeepDiver1975 force-pushed the bugfix/tags-console-output branch from 6183e28 to 77887af Compare April 14, 2020 13:31
@codecov

codecov bot commented Apr 14, 2020

Codecov Report

Merging #37256 into master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master   #37256   +/-   ##
=========================================
  Coverage     64.92%   64.92%           
  Complexity    19151    19151           
=========================================
  Files          1267     1267           
  Lines         74902    74902           
  Branches       1331     1331           
=========================================
  Hits          48633    48633           
  Misses        25877    25877           
  Partials        392      392           
Flag Coverage Δ Complexity Δ
#javascript 54.14% <ø> (ø) 0.00 <ø> (ø)
#phpunit 66.13% <ø> (ø) 19151.00 <ø> (ø)

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1bec7a3...77887af. Read the comment docs.

@DeepDiver1975
Member Author

@C0rby please review and approve - THX

Contributor

@C0rby C0rby left a comment

LGTM 👍

@DeepDiver1975 DeepDiver1975 merged commit f53fa8c into master Apr 15, 2020
@delete-merged-branch delete-merged-branch bot deleted the bugfix/tags-console-output branch April 15, 2020 09:32