ADA-ARGO-SA-01: help.chatUrl should be validated #9956
I'd like to work on this, what does
@saumeya, I believe the The fix could make use of some of this validation code: 8bc3ef6
Just to clarify: if someone is an Argo CD admin, there are a lot more malicious things they can do than this. So this isn't really a vulnerability. It would just be good to add an extra layer of protection. :-)
* fix: add url validation for help chat
  Signed-off-by: saumeya <saumeyakatyal@gmail.com>
* lint check
  Signed-off-by: saumeya <saumeyakatyal@gmail.com>
* lint fix
  Signed-off-by: saumeya <saumeyakatyal@gmail.com>
* review comments
  Signed-off-by: saumeya <saumeyakatyal@gmail.com>
---------
Signed-off-by: saumeya <saumeyakatyal@gmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
It can currently be a javascript: link. Only admins can set this value, so it's reasonably safe. But it's probably better to URL validate that value to help admins avoid doing something dangerous.
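An added example, not part of the issue thread and not Argo CD's own code: one way to validate a setting like help.chatUrl in Go so that only absolute http(s) links are accepted. The function name validateChatURL, the allowed-scheme policy, the treatment of an empty value as valid and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Assumed policy for this example: the chat link may only be a web link.
var allowedSchemes = map[string]bool{"http": true, "https": true}

// validateChatURL is a hypothetical helper, not Argo CD's own function.
// It returns nil for an empty value or an absolute http(s) URL with a host.
func validateChatURL(raw string) error {
	if raw == "" {
		return nil // assumed: the setting is optional
	}
	// Browsers drop tabs and newlines inside a URL and trim leading spaces,
	// so "java\tscript:" still resolves to javascript:. Reject, don't repair.
	for _, r := range raw {
		if r <= 0x20 || r == 0x7f {
			return errors.New("chat URL contains whitespace or control characters")
		}
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("chat URL cannot be parsed: %w", err)
	}
	// url.Parse lower-cases the scheme, so "JavaScript:" is caught here too.
	if !allowedSchemes[u.Scheme] {
		return fmt.Errorf("chat URL scheme %q is not allowed", u.Scheme)
	}
	if u.Host == "" {
		return errors.New("chat URL must be absolute and name a host")
	}
	return nil
}

func main() {
	// Constructed sample values, not taken from any real configuration.
	samples := []string{
		"https://chat.example.com/argo", "javascript:void(0)", "JavaScript:void(0)",
		"java\tscript:void(0)", "//chat.example.com", "https:chat.example.com",
	}
	for _, s := range samples {
		fmt.Printf("%-34q -> %v\n", s, validateChatURL(s))
	}
}
```

An allow-list of schemes is used rather than a block-list of javascript:, so data: and other non-web schemes are rejected by the same check.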