COM-486: Prevent XSS attacks in isLinkTarget validator #1816

Merged
merged 5 commits into from
Mar 18, 2024

Conversation

jomunker
Contributor

Description

This PR adds a filter for `javascript` and `data` in the `isLinkTarget` function and decorator to prevent XSS attacks.
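
As an added illustration (not the code from this PR or from the project), here is one way a scheme filter of the kind described can be written. The function names and sample values are hypothetical and constructed. The example normalizes the value the way URL parsers do before comparing the scheme, so mixed case and embedded tab or newline characters are also caught.

```typescript
// Added example: hypothetical names, constructed sample values.
// The two schemes the PR description names as filtered.
const BLOCKED_SCHEMES: string[] = ["javascript", "data"];

// URL parsing in browsers removes ASCII tab, LF and CR anywhere in the input
// and trims leading/trailing C0 control characters and spaces, so the check
// has to look at the value after the same normalization.
function normalizeForSchemeCheck(value: string): string {
    return value.replace(/[\t\n\r]/g, "").replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, "");
}

// Returns the lower-cased scheme, or null for scheme-less (relative) targets.
function extractScheme(value: string): string | null {
    const match = /^[a-zA-Z][a-zA-Z0-9+.-]*(?=:)/.exec(normalizeForSchemeCheck(value));
    return match ? String(match[0]).toLowerCase() : null;
}

// Non-string values are rejected; relative targets and other schemes pass.
function isSafeLinkTarget(value: unknown): boolean {
    if (typeof value !== "string") return false;
    const scheme = extractScheme(value);
    return scheme === null || BLOCKED_SCHEMES.indexOf(scheme) === -1;
}

// Constructed inputs: three ordinary targets and four that must be rejected.
const SAMPLE_TARGETS: string[] = [
    "https://example.com/page",
    "/relative/path",
    "mailto:someone@example.com",
    "javascript:alert(1)",
    "JaVaScRiPt:alert(1)",
    " \tjava\nscript:alert(1)",
    "data:text/html,hello",
];

function rejectedTargets(values: string[]): string[] {
    return values.filter((v) => !isSafeLinkTarget(v));
}

console.log(rejectedTargets(SAMPLE_TARGETS));
```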

@jomunker jomunker self-assigned this Mar 12, 2024
max-debug022
max-debug022 previously approved these changes Mar 12, 2024
@johnnyomair
Collaborator

I know this is a bit out of scope, but could you please rename the files to the new name? This was forgotten in #1671.

@johnnyomair
Collaborator

Also, please add a changeset.

@jomunker
Contributor Author

> Also, please add a changeset.

Sure. What should be the content of that?

@johnnyomair
Collaborator

> > Also, please add a changeset.
>
> Sure. What should be the content of that?

IMO it should be a patch. Maybe something like:

Prevent XSS attacks in `isLinkTarget` validator

@johnnyomair johnnyomair changed the title from "COM-486: add javascript and data filter to isLinkTarget validation function" to "COM-486: Prevent XSS attacks in isLinkTarget validator" Mar 13, 2024
@johnnyomair johnnyomair dismissed their stale review March 13, 2024 12:16

File should be renamed

@johnnyomair johnnyomair merged commit 9867242 into main Mar 18, 2024
10 checks passed
@johnnyomair johnnyomair deleted the COM-486-xss-in-external-link branch March 18, 2024 08:44
jomunker added a commit that referenced this pull request Mar 18, 2024
## Description
This PR adds a filter for `javascript` and `data` in the `isLinkTarget`
function and decorator to prevent XSS attacks.
jomunker added a commit that referenced this pull request Mar 18, 2024
## Description
This PR adds a filter for `javascript` and `data` in the `isLinkTarget`
function and decorator to prevent XSS attacks.

(cherry picked from commit 9867242)
jomunker added a commit that referenced this pull request Mar 18, 2024
## Description
This PR adds a filter for `javascript` and `data` in the `isLinkTarget`
function and decorator to prevent XSS attacks.

(cherry picked from commit 9867242)
johnnyomair pushed a commit that referenced this pull request Mar 18, 2024
…1846)

## Description
This PR includes the XSS fixes from #1816 into v5
johnnyomair pushed a commit that referenced this pull request Mar 18, 2024
…1845)

## Description
This PR includes the XSS fixes from #1816 into v4
thomasdax98 added a commit that referenced this pull request Mar 19, 2024
thomasdax98 added a commit that referenced this pull request Mar 19, 2024