Sweep: Cross-site scripting in username edit field (Sandbox Passed) #315
@@ -48,6 +48,7 @@ export default class EditableSpan extends PureComponent { | |||
let result = value; | |||
const nbsp = String.fromCharCode('160'); | |||
while (result.indexOf(' ') !== -1) { | |||
import { sanitizeInput } from '../../utils/sanitizeInput'; |
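Review bot: the added `import { sanitizeInput } from '../../utils/sanitizeInput';` lands inside the body of the `while (result.indexOf(' ') !== -1)` loop of a class method, where an ES module `import` declaration is a syntax error; `import` must be a top-level statement, so move it to the top of EditableSpan.js next to the file's other imports and leave the loop body as it was.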
can you put this import statement where it belongs
Description

This pull request addresses a cross-site scripting vulnerability in the username edit field of the application. It introduces a new utility function `sanitizeInput` in the `sanitizeInput.js` file to sanitize user input and prevent the execution of malicious code.

Summary

- New `sanitizeInput` function in `sanitizeInput.js` to sanitize user input and prevent cross-site scripting attacks.
- Changes to `EditableSpan.js` in the `src/components/common` directory:
  - `sanitizeInput` function imported from `sanitizeInput.js`.
  - `.replace` method in the `sanitize` function changed to use `sanitizeInput` for sanitizing user input.
  - `handleTextChange` method.
  - `handleFocus` method changed to use the `sanitizeInput` function for sanitizing user input.

Please review and merge this pull request to address the identified security vulnerability.

Fixes #314.
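The PR does not show the body of `sanitizeInput`, so the following is an added example (not the project's code) of what such a utility and the `EditableSpan`-style `sanitize()` around it could look like: an HTML-escaping `sanitizeInput` (assumed implementation) applied before the existing space-to-nbsp replacement, with the import kept at module top level as the review asks. Both functions are in one file here so the example runs stand-alone.

```javascript
// Added example, not code from the PR. sanitizeInput's implementation is
// an assumption: the PR only names the function. It escapes the five
// characters that let text break out of an HTML text node or attribute.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape '&' together with the others in a single pass so that already
// escaped input is encoded once more rather than silently unescaped.
function sanitizeInput(value) {
  if (typeof value !== 'string') return '';
  return value.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// In the real component this would be a top-level
//   import { sanitizeInput } from '../../utils/sanitizeInput';
// at the head of EditableSpan.js, never inside a method body.
const nbsp = String.fromCharCode(160);

// Mirrors EditableSpan.sanitize(): escape first, then keep the existing
// behaviour of turning ordinary spaces into non-breaking spaces so the
// span does not collapse. Order matters: escaping after the nbsp swap
// would still be safe here, but escaping first keeps the loop's input
// free of characters it does not expect.
function sanitize(value) {
  let result = sanitizeInput(value);
  while (result.indexOf(' ') !== -1) {
    result = result.replace(' ', nbsp);
  }
  return result;
}
```

Rendering the returned string through a framework that escapes by default (React's JSX text) is still the primary defence; escaping on input is a second layer, not a replacement for it.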