WIP redesign #552
❌ Deploy Preview for deluxe-empanada-3ebf3b failed.
{linkGroup.items.map((item, key) => ( | ||
<li key={key} className={styles.footerItem}> | ||
{item.html ? ( | ||
<div dangerouslySetInnerHTML={{ __html: item.html }} /> |
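Review bot: `item.html` goes into `dangerouslySetInnerHTML` unmodified in the `item.html ?` branch, so any markup in that field is rendered as live HTML. If `linkGroup.items` is not a static, repo-controlled list, pass the value through a sanitizer before rendering, or drop the `html` field and render each item as a React element so text is escaped by default. Separately, `key={key}` uses the array index from `map`; a stable identifier from the item is preferable if the list can be reordered.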
❗Cycode: SAST violation: 'Unsanitized user input in React inner HTML method (XSS)'.
Severity: High
Description
Using React's dangerouslySetInnerHTML with unsanitized data can introduce Cross-Site Scripting (XSS) vulnerabilities. This occurs when external input is embedded directly into the HTML without proper sanitization, allowing attackers to inject malicious scripts.
Cycode Remediation Guideline
- Do sanitize data before using it with dangerouslySetInnerHTML. This step is crucial to prevent XSS attacks by ensuring that the input does not contain harmful scripts.
<div dangerouslySetInnerHTML={{__html: sanitize(data)}} />
Would you like to exclude this SAST violation from your status checks?
Tell us what to do with one of the following hashtags:
Tag | Short Description |
---|---|
#cycode_sast_ignore_everywhere | Applies to this SAST violation for all repos in your organization |
#cycode_sast_ignore_here | Applies to this request only |
#cycode_sast_false_positive | Applies to this SAST violation for all repos in your organization |
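An alternative to sanitizing raw HTML for the footer, as an added example that is not part of this pull request or the Cycode comment: keep footer items as plain data and validate the link target, so nothing is passed to `dangerouslySetInnerHTML` at all. The `label`/`href` item shape, the helper names and the allowed schemes are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not code from this pull request.
// Assumption: footer items can carry { label, href } instead of { html }.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://site.invalid"; // constructed base, used only for parsing

// Returns an href that is safe to render, or null if it must be dropped.
function safeHref(raw) {
  if (typeof raw !== "string" || raw.trim() === "") return null;
  const value = raw.trim();
  let url;
  try {
    url = new URL(value); // absolute URL with an explicit scheme
  } catch {
    // No scheme: accept root-relative paths only, and only if they
    // still resolve to our own origin ("//host" and "/\host" do not).
    if (!value.startsWith("/")) return null;
    try {
      url = new URL(value, BASE);
    } catch {
      return null;
    }
    if (url.origin !== BASE) return null;
    return url.pathname + url.search + url.hash;
  }
  // The URL parser lowercases the scheme and strips tabs/newlines,
  // so "JavaScript:" and "java\tscript:" are both seen as "javascript:".
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Maps one untrusted item to plain data for <a href={href}>{label}</a>.
// React escapes the text child, so no raw HTML reaches the DOM.
function toFooterLink(item) {
  if (!item || typeof item.label !== "string") return null;
  const href = safeHref(item.href);
  const label = item.label.trim();
  return href === null || label === "" ? null : { label, href };
}

function buildFooterLinks(items) {
  return items.map(toFooterLink).filter((link) => link !== null);
}

// Constructed sample input: two legitimate links and three hostile ones.
const sampleItems = [
  { label: "Docs", href: "https://example.com/docs" },
  { label: "Pricing", href: "/pricing?plan=pro#faq" },
  { label: "Click me", href: " JavaScript:alert(1)" },
  { label: "Offsite", href: "//evil.example/login" },
  { label: "Inline", href: "data:text/html,<b>x</b>" },
];
```

`buildFooterLinks(sampleItems)` keeps only the first two entries; the component then renders each one as an ordinary anchor element.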
Closing for now, pending redesign work
No description provided.