Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

safeUrl() Security refactor #203

Merged
merged 7 commits into from
Apr 29, 2024
Merged

safeUrl() Security refactor #203

merged 7 commits into from
Apr 29, 2024

Commits on Apr 25, 2024

  1. perf: update function #202 

    This function was updated post security review in training with @jmanico

The goal of this refactor is to be exclusionary by default as well
tighten up the code ergonomics.

Additional updates include refactoring JSDoc annotations.

Changes to be committed:
modified:   src/component-base.mjs
    @blackfalcon
    blackfalcon committed Apr 25, 2024
    Configuration menu
    Copy the full SHA
    ae04590 View commit details
    Browse the repository at this point in the history

  2. test: refactor tests 

    These test refactors are in response to the safeUrl() function updates.

Changes to be committed:
modified:   test/auro-hyperlink.test.js
    @blackfalcon
    blackfalcon committed Apr 25, 2024
    Configuration menu
    Copy the full SHA
    1d3e9f3 View commit details
    Browse the repository at this point in the history

  3. docs: add example code 

    This commit adds a new example to illustrate unsupported href types

Changes to be committed:
new file:   apiExamples/nonSupported.html
modified:   docs/partials/index.md
    @blackfalcon
    blackfalcon committed Apr 25, 2024
    Configuration menu
    Copy the full SHA
    a121572 View commit details
    Browse the repository at this point in the history

  4. refactor: address code scanning issues 

    This commit updates the targetIcon() and safeUrl() functions to address
reported code scanning issues.

* Incomplete URL substring sanitization
* Incomplete URL scheme check

Changes to be committed:
modified:   src/component-base.mjs
    @blackfalcon
    blackfalcon committed Apr 25, 2024
    Configuration menu
    Copy the full SHA
    84dbb66 View commit details
    Browse the repository at this point in the history

  5. chore: update dependencies 

    Changes to be committed:
modified:   package-lock.json
modified:   package.json
    @blackfalcon
    blackfalcon committed Apr 25, 2024
    Configuration menu
    Copy the full SHA
    c2f42fd View commit details
    Browse the repository at this point in the history

  6. build: update build and release scripts 

    This commit updates the package.json and the testPublish.yml per the
discussion of addressing maintaining fast pre-commit build and test
scenarios and having a robust remote testing of code.

Changes to be committed:
modified:   .github/workflows/testPublish.yml
modified:   package.json
    @blackfalcon
    blackfalcon committed Apr 25, 2024
    Configuration menu
    Copy the full SHA
    871fd2b View commit details
    Browse the repository at this point in the history

  7. refactor: update function docs 

    This commit updates the functional documentation within the code.
Refactor of 624ba72 commit.

Changes to be committed:
modified:   src/auro-hyperlink.js
modified:   src/component-base.mjs
    @blackfalcon
    blackfalcon committed Apr 25, 2024
    Configuration menu
    Copy the full SHA
    43f028a View commit details
    Browse the repository at this point in the history