Sanitize href props with xss vulnerability V2 #1000

Merged
merged 11 commits into from
Feb 11, 2024


AnnMarieW
Contributor

Sanitize HTML props that are vulnerable to XSS if user data is inserted.

This is the new version based on comments in #999

Let's keep this as a draft until plotly/dash#2743 is resolved.
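
What sanitizing an href prop involves, shown as an added example that is not code from this PR or from the project: `sanitizeHref`, `sanitizeProps`, the scheme allow-list and the `about:blank` fallback are all assumptions made for illustration. The value is parsed with the WHATWG `URL` parser, so whitespace and letter-case variations of a scheme are normalised before the allow-list check.

```javascript
// Added example: allow-list check for values bound to an href prop.
// sanitizeHref, sanitizeProps, SAFE_PROTOCOLS and BLOCKED_HREF are
// hypothetical names for illustration, not this project's API.
const SAFE_PROTOCOLS = new Set(['http:', 'https:', 'mailto:', 'tel:']);
const BLOCKED_HREF = 'about:blank';
// Placeholder base so relative links ("/docs", "#top") parse; never fetched.
const PARSE_BASE = 'https://base.invalid/';

function sanitizeHref(value) {
  // An absent href renders no link target, so pass it through.
  if (value === undefined || value === null) return value;
  if (typeof value !== 'string') return BLOCKED_HREF;
  let parsed;
  try {
    // The parser strips leading control characters and spaces, drops
    // embedded tabs and newlines, and lower-cases the scheme, so
    // " JaVaScRiPt:" and "java\tscript:" both come out as "javascript:".
    parsed = new URL(value, PARSE_BASE);
  } catch (err) {
    return BLOCKED_HREF; // unparseable input is rejected, not guessed at
  }
  return SAFE_PROTOCOLS.has(parsed.protocol) ? value : BLOCKED_HREF;
}

// Return a copy of a component's props with every URL-bearing prop checked.
function sanitizeProps(props, urlProps = ['href']) {
  const out = { ...props };
  for (const name of urlProps) {
    if (name in out) out[name] = sanitizeHref(out[name]);
  }
  return out;
}

// Constructed sample values standing in for user-supplied data.
const samples = [
  'https://example.com/report?id=7',
  '/docs/getting-started#install',
  'mailto:team@example.com',
  'javascript:alert(1)',
  ' JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,<b>hi</b>',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(sanitizeHref(s)));
}
```

Relative links are returned unchanged because they inherit the page's own scheme; anything whose parsed scheme is outside the allow-list is replaced rather than rewritten.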

Collaborator

@tcbegley tcbegley left a comment

Looking good so far.

1000th issue / PR! Cool milestone 😄

I think you need an npm run format

@@ -1,9 +1,11 @@
import React, {useEffect, useState} from 'react';
import React, {useEffect, useState, useMemo} from 'react';
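Review bot: The changed import line adds useMemo to the React import, but no call to useMemo is visible in this hunk. If the file never uses it, drop it from the import so the linter does not flag an unused binding.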
Collaborator

useMemo not used in this file afaict

Contributor Author

Right - I didn't do npm run format yet. Still lots of files to change :-)

@AnnMarieW AnnMarieW marked this pull request as ready for review February 5, 2024 19:12
Collaborator

@tcbegley tcbegley left a comment

Great stuff, thanks @AnnMarieW!

I made a few small edits:

  • Used pytest.mark.parametrize inside the integration tests, I think it makes it a little easier to see what is going on in the test + that the same check is being performed for multiple components.
  • Some small changes to prop destructuring, e.g. where we pull out setProps we no longer need to call omit and so on.

@tcbegley tcbegley merged commit 86a883b into facultyai:main Feb 11, 2024
7 checks passed
@tcbegley tcbegley mentioned this pull request Apr 14, 2024
tcbegley added a commit that referenced this pull request Apr 14, 2024
tcbegley added a commit that referenced this pull request Apr 14, 2024
* Revert "Sanitize href props with xss vulnerability V2 (#1000)"

This reverts commit 86a883b.

* Update babel plugins

* Revert tagname changes