Prevent HTML/XSS Injection in Scala Search #19980

Merged
merged 1 commit into from
Mar 19, 2024

avivkeller
Contributor

This PR fixes the _layouts/search.html file to use innerText rather than innerHTML. This will prevent the ability to inject HTML/XSS into the code of the page.
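
The difference between the two sinks, as an added example that is not part of the PR or the Scala project's code. It assumes the search page echoes a user-supplied query into an element; the function names, the heading text and the sample query are hypothetical, and the serializer models what the DOM stores for a text node so the comparison also runs outside a browser.

```javascript
// Added example: models an HTML sink (innerHTML) against a text sink
// (innerText / textContent). All names here are hypothetical.

// Serialize a string the way the DOM serializes a text node: markup
// characters become entities, so re-parsing the result yields text only.
function textNodeMarkup(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/\u00a0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// "Before": the query is concatenated into a string that the sink parses as HTML.
function markupViaInnerHTML(query) {
  return "Results for: " + query;
}

// "After": the same string assigned as text; this is the markup the document
// ends up holding for it.
function markupViaInnerText(query) {
  return textNodeMarkup("Results for: " + query);
}

// Names of the elements an HTML parser would create from the markup
// (simplified scan for opening tags; enough to compare the two sinks).
function elementsIn(markup) {
  const tags = markup.matchAll(/<([a-zA-Z][a-zA-Z0-9-]*)[\s>\/]/g);
  return [...tags].map((m) => m[1].toLowerCase());
}

// Browser-side form of the same choice; `el` is any DOM element.
function showQuery(el, query, asText = true) {
  if (asText) {
    el.innerText = "Results for: " + query; // input stays text
  } else {
    el.innerHTML = "Results for: " + query; // input is parsed as markup
  }
}

// Constructed sample query containing harmless markup.
const CONSTRUCTED_QUERY = "Option <b>map</b> & fold";

console.log(elementsIn(markupViaInnerHTML(CONSTRUCTED_QUERY)));
console.log(elementsIn(markupViaInnerText(CONSTRUCTED_QUERY)));
console.log(markupViaInnerText(CONSTRUCTED_QUERY));
```

`textContent` is the other standard text sink; unlike `innerText`, its setter does not turn line breaks in the input into `<br>` elements.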

@nicolasstucki
Contributor

@redyetidev you will need to sign the CLA here https://www.lightbend.com/contribute/cla/scala

@avivkeller
Contributor Author

Thanks! It is now signed!

@Florian3k Florian3k merged commit 4554131 into scala:main Mar 19, 2024
19 checks passed
@avivkeller avivkeller deleted the patch-1 branch March 19, 2024 16:06
@Kordyjan Kordyjan added this to the 3.4.2 milestone Mar 28, 2024
WojciechMazur pushed a commit that referenced this pull request Jul 3, 2024
This PR fixes the `_layouts/search.html` file to use `innerText` rather
than `innerHTML`. This will prevent the ability to inject HTML/XSS into
the code of the page.
[Cherry-picked 4554131]
WojciechMazur added a commit that referenced this pull request Jul 4, 2024
Backports #19980 to the LTS branch.

PR submitted by the release tooling.
[skip ci]