Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP redesign #552

Closed
wants to merge 5 commits into from
Closed

WIP redesign #552

wants to merge 5 commits into from

Conversation

nico-shishkin
Copy link
Contributor

No description provided.

Copy link

netlify bot commented Jun 25, 2024

Deploy Preview for deluxe-empanada-3ebf3b failed.

Name Link
🔨 Latest commit 60d9546
🔍 Latest deploy log https://app.netlify.com/sites/deluxe-empanada-3ebf3b/deploys/66984ad3e11aa50008eb8bb4

“nico-shishkin” added 3 commits June 25, 2024 13:15
{linkGroup.items.map((item, key) => (
<li key={key} className={styles.footerItem}>
{item.html ? (
<div dangerouslySetInnerHTML={{ __html: item.html }} />

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: SAST violation: 'Unsanitized user input in React inner HTML method (XSS)'.

Severity: High

Description

Using React's dangerouslySetInnerHTML with unsanitized data can introduce Cross-Site Scripting (XSS) vulnerabilities. This occurs when external input is embedded directly into the HTML without proper sanitization, allowing attackers to inject malicious scripts.

Cycode Remediation Guideline
  • Do sanitize data before using it with dangerouslySetInnerHTML. This step is crucial to prevent XSS attacks by ensuring that the input does not contain harmful scripts.
<div dangerouslySetInnerHTML={{__html: sanitize(data)}} />

References

Would you like to exclude this SAST violation from your status checks?
Tell us what to do with one of the following hashtags:

Tag Short Description
#cycode_sast_ignore_everywhere Applies to this SAST violation for all repos in your organization
#cycode_sast_ignore_here Applies to this request only
#cycode_sast_false_positive Applies to this SAST violation for all repos in your organization

@Simplychee
Copy link
Collaborator

Closing for now, pending redesign work

@Simplychee Simplychee closed this Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants