safeUrl() Security refactor #203
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
jordanjones243
requested changes
Mar 25, 2024
blackfalcon
force-pushed
the
dsande/securityRefactor/202
branch
2 times, most recently
from
11af03c
to
55a0f3c
Compare
blackfalcon
force-pushed
the
dsande/securityRefactor/202
branch
3 times, most recently
from
4b34c6d
to
9efd751
Compare
This function was updated post security review in training with @jmanico The goal of this refactor is to be exclusionary by default as well tighten up the code ergonomics. Additional updates include refactoring JSDoc annotations. Changes to be committed: modified: src/component-base.mjs
These test refactors are in response to the safeUrl() function updates. Changes to be committed: modified: test/auro-hyperlink.test.js
This commit adds a new example to illustrate unsupported href types Changes to be committed: new file: apiExamples/nonSupported.html modified: docs/partials/index.md
This commit updates the targetIcon() and safeUrl() functions to address reported code scanning issues. * Incomplete URL substring sanitization * Incomplete URL scheme check Changes to be committed: modified: src/component-base.mjs
Changes to be committed: modified: package-lock.json modified: package.json
This commit updates the package.json and the testPublish.yml per the discussion of addressing maintaining fast pre-commit build and test scenarios and having a robust remote testing of code. Changes to be committed: modified: .github/workflows/testPublish.yml modified: package.json
This commit updates the functional documentation within the code. Refactor of 624ba72 commit. Changes to be committed: modified: src/auro-hyperlink.js modified: src/component-base.mjs
blackfalcon
force-pushed
the
dsande/securityRefactor/202
branch
from
9efd751
to
43f028a
Compare
jordanjones243
approved these changes
Apr 25, 2024
|
🎉 This PR is included in version 3.5.11 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Alaska Airlines Pull Request
Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
Resolves: #202
Summary:
Please summarize the scope of the changes you have submitted, what the intent of the work is, and anything that describes the before/after state of the project.
This function was updated post-security review in training with @jmanico
The goal of this refactor is to be exclusionary by default as well as tighten up the code ergonomics.
See this POV Commit per this Discussion
https://github.com/semantic-release/semantic-release/blob/master/docs/recipes/release-workflow/pre-releases.md
Type of change:
Please delete options that are not relevant.
Checklist:
By submitting this Pull Request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Pull Requests will be evaluated by their quality of update and whether it is consistent with the goals and values of this project. Any submission is to be considered a conversation between the submitter and the maintainers of this project and may require changes to your submission.
Thank you for your submission!
-- Auro Design System Team