Gitc 609 xss on quest page #9719

nutrina · 2021-11-23T15:29:33Z

Have changed the way how dynamic content is assembled by leveraging query functions instead of string concatenation.

GITC-609

This PR fixes

the issue mentioned specifically in the Jira ticket - this has been tested as indicated in the ticket
several other potential XSS vulnerabilities - this was not tested yet. I was unable to reproduce scenarios where this code would be used. This might contain bugs / side effects and should be properly tested in staging.

…al malicious code is properly escaped.

nutrina requested review from chibie, frankchen07, gdixon, PixelantDesign and thelostone-mc as code owners November 23, 2021 15:29

nutrina force-pushed the GITC-609-XSS-on-quest-page branch from b3991b1 to 05734ca Compare November 23, 2021 20:13

nutrina force-pushed the GITC-609-XSS-on-quest-page branch from 05734ca to 9295c7e Compare November 24, 2021 09:25

thelostone-mc force-pushed the master branch from e276966 to df02065 Compare November 24, 2021 14:40

nutrina force-pushed the GITC-609-XSS-on-quest-page branch 2 times, most recently from 28fba73 to 5922e4a Compare November 25, 2021 16:15

nutrina added 4 commits November 25, 2021 19:45

GITC-609: Fix XSS issue, make sure that the title string with potenti…

9af574d

…al malicious code is properly escaped.

GITC-609: Fixing another potential XSS threat.

4947d84

GITC-609: Have fixed some more potential XSS vulnerabilities in code

ebf59b8

GITC-609: Fixing linter complaints

955d17b

nutrina force-pushed the GITC-609-XSS-on-quest-page branch from 5922e4a to 955d17b Compare November 25, 2021 17:45

thelostone-mc approved these changes Nov 26, 2021

View reviewed changes

thelostone-mc merged commit 0c6a92d into master Nov 26, 2021

Provide feedback