Skip to content

Potential fix for code scanning alert no. 13: DOM text reinterpreted as HTML #717

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
erwindon merged 1 commit into from
Jun 10, 2025
Merged

Potential fix for code scanning alert no. 13: DOM text reinterpreted as HTML #717

erwindon merged 1 commit into from
Jun 10, 2025

Conversation

@erwindon
Copy link
Owner

@erwindon erwindon commented Jun 10, 2025

Potential fix for https://github.com/erwindon/SaltGUI/security/code-scanning/13

To fix the issue, ensure that all untrusted data concatenated into the html variable is properly escaped using the _escapeHtml method. This involves identifying all instances where untrusted data flows into html and applying _escapeHtml to sanitize the data. Specifically, the cmd variable and any other untrusted inputs should be escaped before being used in HTML strings.

Changes are required in the following areas:

  1. Ensure that cmd is escaped before being concatenated into html on line 313.
  2. Review all other instances where untrusted data is concatenated into html and apply _escapeHtml as needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@erwindon erwindon self-assigned this Jun 10, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 10, 2025
View reviewed changes
@erwindon @github-advanced-security
Potential fix for code scanning alert no. 13: DOM text reinterpreted …
bab4827 
…as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jun 10, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@erwindon erwindon marked this pull request as ready for review June 10, 2025 23:25
@erwindon erwindon merged commit 161167f into master Jun 10, 2025
8 checks passed
@erwindon erwindon deleted the alert-autofix-13 branch June 10, 2025 23:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@erwindon erwindon

Labels

enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@erwindon