Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[#IP-374] Ensure password is shown in message #164

Merged
merged 5 commits into from
Aug 30, 2021

Conversation

balanza
Copy link
Contributor

@balanza balanza commented Aug 30, 2021

Motivation and Context

We had evidence that some user, after claiming access on their data, received a message containing a password invalid for the associated data bundle.
We found out password was actually correct, but mis-rendered: when it contains two or more *, such characters would be considered as an italic formatting instruction in the markdown context, hence they would not be shown to the user.

We remove * from the char collection. Also, we wrapped password value for escaping, to avoid similar issues to occur in the future

List of Changes

  • Remove * from charset in 1a30e0b
  • Wrap password with back-ticks in ddde8af

How Has This Been Tested?

Unit tests added

Types of changes

  • Chore (nothing changes by a user perspective)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.

@pagopa-github-bot
Copy link
Contributor

Warnings
⚠️

Please include a Pivotal story at the beginning of the PR title (see below).

marked

Author: Christopher Jeffrey

Description: A markdown parser built for speed

Homepage: https://marked.js.org

Createdabout 10 years ago
Last Updated5 days ago
LicenseMIT
Maintainers4
Releases90
Keywordsmarkdown, markup and html
README

Marked

npm
gzip size
install size
downloads
github actions
snyk

  • ⚡ built for speed
  • ⬇️ low-level compiler for parsing markdown without caching or blocking for long periods of time
  • ⚖️ light-weight while implementing all markdown features from the supported flavors & specifications
  • 🌐 works in a browser, on a server, or from a command line interface (CLI)

Demo

Checkout the demo page to see marked in action ⛹️

Docs

Our documentation pages are also rendered using marked 💯

Also read about:

Compatibility

Node.js: Only current and LTS Node.js versions are supported. End of life Node.js versions may become incompatible with Marked at any point in time.

Browser: Not IE11 :)

Installation

CLI: npm install -g marked

In-browser: npm install marked

Usage

Warning: 🚨 Marked does not sanitize the output HTML. Please use a sanitize library, like DOMPurify (recommended), sanitize-html or insane on the output HTML! 🚨

CLI

$ marked -o hello.html
hello world
^D
$ cat hello.html
<p>hello world</p>

Browser

<!doctype html>
<html>
<head>
  <meta charset="utf-8"/>
  <title>Marked in the browser</title>
</head>
<body>
  <div id="content"></div>
  <script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
  <script>
    document.getElementById('content').innerHTML =
      marked('# Marked in the browser\n\nRendered by **marked**.');
  </script>
</body>
</html>

License

Copyright (c) 2011-2018, Christopher Jeffrey. (MIT License)

New dependencies added: marked.

Example of PR titles that include pivotal stories:

  • single story: [#123456] my PR title
  • multiple stories: [#123456,#123457,#123458] my PR title

Generated by 🚫 dangerJS

Copy link
Contributor

@BurnedMarshal BurnedMarshal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@balanza balanza merged commit 7f2f536 into master Aug 30, 2021
@balanza balanza deleted the ip-374--fix-password-in-data-bundle branch August 30, 2021 10:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants