Securing wins.js from XSS vulnerability due to innerHTML #6303

Closed
4 tasks done
freaky4wrld opened this issue Feb 16, 2024 · 8 comments · Fixed by #6462
Assignees
Labels
Complexity: Medium Feature: Refactor JS / Liquid Page is working fine - JS / Liquid needs changes to become consistent with other pages role: front end Tasks for front end developers size: 1pt Can be done in 4-6 hours
Milestone

Comments

@freaky4wrld
Member

freaky4wrld commented Feb 16, 2024

Overview

As developers we aim to protect JavaScript files from XSS vulnerabilities, preventing malicious script injections that can compromise user security.

Action Items

  • Open the file assets/js/wins.js in your IDE
  • Search for the instances of innerHTML in the file.
  • Replace the instances of the innerHTML property with textContent, using the createElement method for creating DOM elements where necessary
  • Use Docker to test the Wins page at mobile, tablet, and desktop screen sizes

Resources/Instructions
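
The replacement the action items describe, as an added example that is not part of the original issue and is not code from assets/js/wins.js. The function names, the `doc` parameter and the `win` fields (`name`, `overview`, `url`) are hypothetical. It goes one step beyond the issue text by also checking the link scheme, because `textContent` only covers text nodes and does nothing for an `href` value.

```javascript
// Added example: function names and the win fields (name, overview, url)
// are hypothetical, not taken from assets/js/wins.js.

// BEFORE: data is concatenated into markup, so any tags or event-handler
// attributes inside a field are parsed and executed by the browser.
function renderWinUnsafe(container, win) {
  container.innerHTML =
    '<h3>' + win.name + '</h3><p>' + win.overview + '</p>' +
    '<a href="' + win.url + '">Profile</a>';
}

// Allow only absolute http(s) links; returns null for anything else.
function safeHref(raw) {
  try {
    const u = new URL(raw);
    return (u.protocol === 'https:' || u.protocol === 'http:') ? u.href : null;
  } catch (e) {
    return null; // not an absolute URL
  }
}

// AFTER: elements come from createElement and data goes in via textContent,
// so every field is inserted as inert text, never parsed as markup.
function renderWinSafe(doc, container, win) {
  const title = doc.createElement('h3');
  title.textContent = win.name;
  const body = doc.createElement('p');
  body.textContent = win.overview;
  container.replaceChildren(title, body);

  const href = safeHref(win.url);
  if (href !== null) {
    const link = doc.createElement('a');
    link.textContent = 'Profile';
    link.setAttribute('href', href);
    link.setAttribute('rel', 'noopener noreferrer');
    container.append(link);
  }
  return container;
}
```

In the browser, pass the real `document` as `doc`; the parameter exists only so the function can be exercised outside a page.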

@freaky4wrld freaky4wrld added role: front end Tasks for front end developers Complexity: Medium Feature: Refactor JS / Liquid Page is working fine - JS / Liquid needs changes to become consistent with other pages size: 1pt Can be done in 4-6 hours Draft Issue is still in the process of being created labels Feb 16, 2024
@freaky4wrld

This comment was marked as resolved.

@ExperimentsInHonesty ExperimentsInHonesty added this to the 02. Security milestone Feb 16, 2024
@freaky4wrld freaky4wrld added ready for dev lead Issues that tech leads or merge team members need to follow up on and removed Draft Issue is still in the process of being created labels Feb 20, 2024
@roslynwythe

This comment was marked as outdated.

@roslynwythe roslynwythe added Ready for Prioritization and removed ready for dev lead Issues that tech leads or merge team members need to follow up on labels Feb 20, 2024
@danvgar danvgar self-assigned this Feb 29, 2024

Hi @danvgar, thank you for taking up this issue! Hfla appreciates you :)

Do let fellow developers know about your:-
i. Availability: (When are you available to work on the issue/answer questions other programmers might have about your issue?)
ii. ETA: (When do you expect this issue to be completed?)

You're awesome!

P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :)

@danvgar
Member

danvgar commented Feb 29, 2024

Happy to take on this issue. Just assigned it to myself and will provide an update by EOW.

@ExperimentsInHonesty
Member

@danvgar I am moving this issue to the in progress column, since you are working on it. On future issues please move the issue after you self assign.

@danvgar
Member

danvgar commented Feb 29, 2024

> @danvgar I am moving this issue to the in progress column, since you are working on it. On future issues please move the issue after you self assign.

Ah sorry, thank you for catching that, @ExperimentsInHonesty !

@github-actions github-actions bot added the To Update ! No update has been provided label Mar 8, 2024

github-actions bot commented Mar 8, 2024

@danvgar

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the Questions/In Review column of the Project Board and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel. Please note that including your questions in the issue comments- along with screenshots, if applicable- will help us to help you. Here and here are examples of well-formed questions.

You are receiving this comment because your last comment was before Monday, March 4, 2024 at 11:06 PM PST.

@danvgar
Member

danvgar commented Mar 11, 2024

Apologies, I've been sick on-and-off the past week and have not been able to sit with this. I expect it to be completed by EOW Sun Mar 17, if not sooner!

@danvgar danvgar added Status: Updated No blockers and update is ready for review and removed To Update ! No update has been provided labels Mar 11, 2024
@github-actions github-actions bot removed the Status: Updated No blockers and update is ready for review label Mar 15, 2024

4 participants