Skip to content

Fix code scanning alert no. 21: Incomplete multi-character sanitization #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Dargon789 merged 4 commits into from
Oct 27, 2024
Merged

Fix code scanning alert no. 21: Incomplete multi-character sanitization #10

Dargon789 merged 4 commits into from
Oct 27, 2024

Conversation

@Dargon789
Copy link
Owner

@Dargon789 Dargon789 commented Oct 20, 2024

Fixes https://github.com/Dargon789/hardhat/security/code-scanning/21

To fix the problem, we should replace the custom regular expression with a well-tested sanitization library. This will ensure that all edge cases are handled correctly and that the input is thoroughly sanitized. The sanitize-html library is a popular choice for this purpose.

  1. Install the sanitize-html library.
  2. Replace the custom regex-based sanitization with a call to sanitize-html.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@Dargon789 @github-advanced-security
Fix code scanning alert no. 21: Incomplete multi-character sanitization
0e44d09 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@Dargon789 Dargon789 marked this pull request as ready for review October 20, 2024 17:15
@Dargon789
Merge branch 'main' into alert-autofix-21
2df52ea 
Signed-off-by: Legion's  <64915515+Dargon789@users.noreply.github.com>
@Dargon789 Dargon789 merged commit e7a2e24 into main Oct 27, 2024
2 of 12 checks passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 26, 2025
Repository owner unlocked this conversation Oct 21, 2025
@Dargon789 Dargon789 self-assigned this Oct 21, 2025
Dargon789
Dargon789 commented Oct 21, 2025
View reviewed changes
Copy link
Owner Author

@Dargon789 Dargon789 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix code scanning alert no. 21: Incomplete multi-character sanitization#10

@github-project-automation github-project-automation bot moved this to Backlog in Hardhat Oct 21, 2025
@Dargon789 Dargon789 linked an issue Oct 21, 2025 that may be closed by this pull request
PR diff clean v-next hardhat full debug main to main use vercel bot diff clean --force #1578
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Dargon789 Dargon789

Labels

status:ready

Projects

Hardhat
Archived in project
web3-Defi-Gamefi
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

PR diff clean v-next hardhat full debug main to main use vercel bot diff clean --force

2 participants

@Dargon789