Fix code scanning alert no. 467: Incomplete multi-character sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent 4da707e commit 6691aba
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions dotcom-rendering/src/components/MiniProfile.tsx
Expand Up @@ -116,8 +116,10 @@ export const MiniProfile = ({
);
};

const containsText = (html: string) =>
html.replace(/<[^>]*>?/gm, '').length > 0;
const containsText = (html: string) => {
const sanitizedHtml = sanitise(html, {});
return sanitizedHtml.replace(/<[^>]*>?/gm, '').length > 0;
Check failure (Code scanning / CodeQL, High): Incomplete multi-character sanitization. This string may still contain `<script`, which may cause an HTML element injection vulnerability.
};

const Bio = ({ html }: { html?: string }) => {
if (!html || !containsText(html)) return null;
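Review bot: the new `return` line keeps the single-pass `sanitizedHtml.replace(/<[^>]*>?/gm, '')`, so the CodeQL alert this commit set out to fix still fires on it (the inline annotation on that line says the result may still contain `<script`). Since `containsText` only decides whether any text remains, the simplest way to satisfy the check is to strip tags until the string stops changing, e.g. `let text = sanitizedHtml; let prev; do { prev = text; text = text.replace(/<[^>]*>?/gm, ''); } while (text !== prev);` and then return `text.length > 0`. Two things the hunk leaves unverified: where `sanitise` is imported from (no import appears in this diff) and what passing `{}` as its options means for which tags survive; both should be confirmed before merging.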

0 comments on commit 6691aba