
Assessment modules for IGD (emergency), ralan (outpatient), ranap (inpatient), nursing and medical. #284

Merged
basoro merged 1 commit into master from mlite on Nov 30, 2024

Conversation

@basoro
Owner

@basoro basoro commented Nov 30, 2024

Medical assessment module for IGD (emergency department).
Medical assessment module for ralan (outpatient).
Medical assessment module for ranap (inpatient).
Nursing and medical assessment module.
Pain assessment.
IGD triage.

var baseURL = mlite.url + '/' + mlite.admin;
event.preventDefault();
var loadURL = baseURL + '/jasper/coverrm/' + no_rkm_medis + '?t=' + mlite.token;
$("#modal_cetak_cover_rm").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.
var baseURL = mlite.url + '/' + mlite.admin;
event.preventDefault();
var loadURL = baseURL + '/jasper/identitaspasien/' + no_rkm_medis + '?t=' + mlite.token;
$("#modal_cetak_identitas_pasien").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.
var baseURL = mlite.url + '/' + mlite.admin;
event.preventDefault();
var loadURL = baseURL + '/jasper/coverrm/' + no_rkm_medis + '?t=' + mlite.token;
$("#modal_cetak_cover_rm").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI over 1 year ago

To fix the problem, we need to ensure that any user-controlled data is properly sanitized or escaped before being inserted into the DOM. In this case, we can use the text() method to set the content of the modal instead of using html(). This will treat the content as plain text rather than HTML, preventing any potential XSS attacks.

  • Replace the .html() method with .text() method to ensure that the content is treated as plain text.
  • Update the relevant lines in the file plugins/pasien/view/admin/display.html.
Suggested changeset 1
plugins/pasien/view/admin/display.html

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/plugins/pasien/view/admin/display.html b/plugins/pasien/view/admin/display.html
--- a/plugins/pasien/view/admin/display.html
+++ b/plugins/pasien/view/admin/display.html
@@ -159,3 +159,3 @@
     var loadURL =  baseURL + '/jasper/coverrm/' + no_rkm_medis + '?t=' + mlite.token;
-    $("#modal_cetak_cover_rm").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
+    $("#modal_cetak_cover_rm").modal('show').text('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
 
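Review bot: the `+` line swaps `.html(` for `.text(` but keeps the whole markup string as the argument, which breaks the feature rather than fixing it: jQuery `.text()` escapes the string, so `#modal_cetak_cover_rm` will display the literal `<div ...><iframe ...>` text and no frame is created. The alert is about `no_rkm_medis` reaching the markup through `loadURL`; keep the container static and set the URL as an attribute, e.g. `$('<iframe>', { src: loadURL, width: '100%', height: '100%' })` appended to the modal, and wrap the record number in `encodeURIComponent(no_rkm_medis)` so `/`, `?` or `"` in it cannot alter the path or the attribute.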
@@ -170,3 +170,3 @@
     var loadURL =  baseURL + '/jasper/identitaspasien/' + no_rkm_medis + '?t=' + mlite.token;
-    $("#modal_cetak_identitas_pasien").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
+    $("#modal_cetak_identitas_pasien").modal('show').text('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
 
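Review bot: same defect as the previous hunk: `.text(...)` with the full `<div ...><iframe ...>` string renders it as visible text in `#modal_cetak_identitas_pasien`, so the identity report never loads. Since both handlers differ only in the route (`coverrm` vs `identitaspasien`) and the modal id, fix them once in a shared helper that builds the URL with `encodeURIComponent(no_rkm_medis)` and appends a programmatically created iframe.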
EOF
Unable to commit as this autofix suggestion is now outdated
var baseURL = mlite.url + '/' + mlite.admin;
event.preventDefault();
var loadURL = baseURL + '/jasper/identitaspasien/' + no_rkm_medis + '?t=' + mlite.token;
$("#modal_cetak_identitas_pasien").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.
var baseURL = mlite.url + '/' + mlite.admin;
event.preventDefault();
var loadURL = baseURL + '/jasper/coverrm/' + no_rkm_medis + '?t=' + mlite.token;
$("#modal_cetak_cover_rm").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI over 1 year ago

To fix this issue, we need to ensure that any user-controlled data is properly sanitized or escaped before being inserted into the DOM. In this case, we can use the text() method to set the content of the modal, which will treat the content as plain text rather than HTML, thus preventing any potential XSS attacks.

  • Replace the .html() method with .text() to ensure that the content is treated as plain text.
  • Update the code to properly handle the insertion of the iframe by creating the element programmatically and setting its attributes.
Suggested changeset 1
plugins/rawat_inap/view/admin/display.html

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/plugins/rawat_inap/view/admin/display.html b/plugins/rawat_inap/view/admin/display.html
--- a/plugins/rawat_inap/view/admin/display.html
+++ b/plugins/rawat_inap/view/admin/display.html
@@ -207,3 +207,12 @@
     var loadURL =  baseURL + '/jasper/coverrm/' + no_rkm_medis + '?t=' + mlite.token;
-    $("#modal_cetak_cover_rm").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
+    var iframe = $('<iframe>', {
+        src: loadURL,
+        frameborder: 'no',
+        width: '100%',
+        height: '100%'
+    });
+    var container = $('<div>', {
+        style: 'text-align:center;margin:20px auto;width:90%;height:95%;'
+    }).append(iframe);
+    $("#modal_cetak_cover_rm").modal('show').empty().append(container);
 
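Review bot: `$('<iframe>', { src: loadURL, ... })` followed by `.empty().append(container)` is the right shape: the URL becomes an attribute value and no string is parsed as HTML. What the hunk leaves open is the unchanged context line `var loadURL =  baseURL + '/jasper/coverrm/' + no_rkm_medis + ...`, where the record number is still spliced raw into the path; add `encodeURIComponent(no_rkm_medis)` so `/`, `?` or `#` cannot change the route or query. One jQuery subtlety worth a code comment: in that attribute map `width` and `height` match jQuery methods, so they are applied as `.width('100%')`/`.height('100%')` (inline CSS) rather than as HTML attributes, which is fine here but not obvious from the code.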
@@ -218,3 +227,12 @@
     var loadURL =  baseURL + '/jasper/identitaspasien/' + no_rkm_medis + '?t=' + mlite.token;
-    $("#modal_cetak_identitas_pasien").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
+    var iframe = $('<iframe>', {
+        src: loadURL,
+        frameborder: 'no',
+        width: '100%',
+        height: '100%'
+    });
+    var container = $('<div>', {
+        style: 'text-align:center;margin:20px auto;width:90%;height:95%;'
+    }).append(iframe);
+    $("#modal_cetak_identitas_pasien").modal('show').empty().append(container);
 
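Review bot: this hunk duplicates the previous one line for line apart from the route and modal id; extract a helper such as `showReportModal(modalId, route)` so the encoding fix and the DOM construction live in one place. The missing `encodeURIComponent(no_rkm_medis)` on the `var loadURL` context line applies here too.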
EOF
var baseURL = mlite.url + '/' + mlite.admin;
event.preventDefault();
var loadURL = baseURL + '/jasper/identitaspasien/' + no_rkm_medis + '?t=' + mlite.token;
$("#modal_cetak_identitas_pasien").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI over 1 year ago

To fix the problem, we need to ensure that any user-controlled data is properly sanitized or escaped before being inserted into the HTML. In this case, we can use the text method to set the content of the modal in a safe way, and then separately set the src attribute of the iframe element. This approach ensures that the URL is not interpreted as HTML.

Suggested changeset 1
plugins/rawat_inap/view/admin/display.html

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/plugins/rawat_inap/view/admin/display.html b/plugins/rawat_inap/view/admin/display.html
--- a/plugins/rawat_inap/view/admin/display.html
+++ b/plugins/rawat_inap/view/admin/display.html
@@ -217,4 +217,5 @@
     event.preventDefault();
-    var loadURL =  baseURL + '/jasper/identitaspasien/' + no_rkm_medis + '?t=' + mlite.token;
-    $("#modal_cetak_identitas_pasien").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
+    var loadURL = baseURL + '/jasper/identitaspasien/' + no_rkm_medis + '?t=' + mlite.token;
+    $("#modal_cetak_identitas_pasien").modal('show').text('Loading...').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe frameborder="no" width="100%" height="100%"></iframe></div>');
+    $("#modal_cetak_identitas_pasien iframe").attr("src", loadURL);
 
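Review bot: `.text('Loading...')` in the chain on `$("#modal_cetak_identitas_pasien")` is dead code, because the `.html(...)` that follows replaces the content immediately; drop it. The rest of the hunk is sound: the `.html()` argument is now a constant with no interpolated value, and `.attr("src", loadURL)` puts the URL into an attribute, which is what resolves the alert. `no_rkm_medis` is still unencoded in `loadURL`, so add `encodeURIComponent(no_rkm_medis)`. Also, the first `-`/`+` pair only changes `=  baseURL` to `= baseURL`; whitespace-only churn on an otherwise unchanged line should stay out of a security fix.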
EOF
var baseURL = mlite.url + '/' + mlite.admin;
event.preventDefault();
var loadURL = baseURL + '/jasper/coverrm/' + no_rkm_medis + '?t=' + mlite.token;
$("#modal_cetak_cover_rm").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI over 1 year ago

To fix the problem, we need to ensure that any data inserted into the HTML is properly sanitized or escaped to prevent XSS attacks. In this case, we can use the text() method to set the content of the modal in a safe way, ensuring that any HTML special characters are escaped.

  • Replace the direct HTML insertion with a safer method that escapes any potentially dangerous characters.
  • Specifically, we will use the text() method to set the content of the modal, and then append the iframe element separately.
Suggested changeset 1
plugins/rawat_jalan/view/admin/display.html

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/plugins/rawat_jalan/view/admin/display.html b/plugins/rawat_jalan/view/admin/display.html
--- a/plugins/rawat_jalan/view/admin/display.html
+++ b/plugins/rawat_jalan/view/admin/display.html
@@ -542,4 +542,14 @@
     event.preventDefault();
-    var loadURL =  baseURL + '/jasper/coverrm/' + no_rkm_medis + '?t=' + mlite.token;
-    $("#modal_cetak_cover_rm").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
+    var loadURL =  baseURL + '/jasper/coverrm/' + encodeURIComponent(no_rkm_medis) + '?t=' + mlite.token;
+    $("#modal_cetak_cover_rm").modal('show').text(''); // Clear any existing content
+    var iframe = $('<iframe>', {
+      src: loadURL,
+      frameborder: 'no',
+      width: '100%',
+      height: '100%'
+    });
+    var container = $('<div>', {
+      style: 'text-align:center;margin:20px auto;width:90%;height:95%;'
+    }).append(iframe);
+    $("#modal_cetak_cover_rm").append(container);
 
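Review bot: this is the most complete of the suggestions: `encodeURIComponent(no_rkm_medis)` closes the path-injection gap and the iframe is created from an attribute map rather than an HTML string. Two nits: `.text('')` to clear the modal reads as if a string were being shown, and `.empty()` says what is meant; and `mlite.token` is still concatenated into the query unencoded, which is acceptable only if it is server-issued and URL-safe, otherwise use `encodeURIComponent(mlite.token)`.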
@@ -553,4 +563,14 @@
     event.preventDefault();
-    var loadURL =  baseURL + '/jasper/identitaspasien/' + no_rkm_medis + '?t=' + mlite.token;
-    $("#modal_cetak_identitas_pasien").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
+    var loadURL =  baseURL + '/jasper/identitaspasien/' + encodeURIComponent(no_rkm_medis) + '?t=' + mlite.token;
+    $("#modal_cetak_identitas_pasien").modal('show').text(''); // Clear any existing content
+    var iframe = $('<iframe>', {
+      src: loadURL,
+      frameborder: 'no',
+      width: '100%',
+      height: '100%'
+    });
+    var container = $('<div>', {
+      style: 'text-align:center;margin:20px auto;width:90%;height:95%;'
+    }).append(iframe);
+    $("#modal_cetak_identitas_pasien").append(container);
 
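Review bot: duplicate of the previous hunk with `identitaspasien` and `#modal_cetak_identitas_pasien` swapped in; factor both into a shared helper so a future change to the encoding or to the frame attributes cannot drift between the two handlers.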
EOF
Unable to commit as this autofix suggestion is now outdated
var baseURL = mlite.url + '/' + mlite.admin;
event.preventDefault();
var loadURL = baseURL + '/jasper/identitaspasien/' + no_rkm_medis + '?t=' + mlite.token;
$("#modal_cetak_identitas_pasien").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI over 1 year ago

To fix the problem, we need to ensure that any user-controlled input is properly sanitized or escaped before being inserted into the HTML. In this case, we can use the text method instead of the html method to insert the URL into the modal content. This will prevent the browser from interpreting the string as HTML and mitigate the risk of XSS.

  • Replace the html method with the text method to ensure that the URL is treated as plain text.
  • Update the relevant lines in the file plugins/rawat_jalan/view/admin/display.html.
Suggested changeset 1
plugins/rawat_jalan/view/admin/display.html

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/plugins/rawat_jalan/view/admin/display.html b/plugins/rawat_jalan/view/admin/display.html
--- a/plugins/rawat_jalan/view/admin/display.html
+++ b/plugins/rawat_jalan/view/admin/display.html
@@ -554,3 +554,3 @@
     var loadURL =  baseURL + '/jasper/identitaspasien/' + no_rkm_medis + '?t=' + mlite.token;
-    $("#modal_cetak_identitas_pasien").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
+    $("#modal_cetak_identitas_pasien").modal('show').text('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');
 
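Review bot: as in the other `.html()` to `.text()` suggestions, passing the complete `<div ...><iframe ...>` string to `.text()` escapes it and displays the markup as text in `#modal_cetak_identitas_pasien`; the identity report would no longer open. Keep a static container, set the URL with `.attr('src', loadURL)` or `$('<iframe>', { src: loadURL })`, and wrap `no_rkm_medis` in `encodeURIComponent()`.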
EOF
Unable to commit as this autofix suggestion is now outdated
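As an added example, not code from the mlite project or from any of the suggestions above, this is the shape of handler a reviewer would ask for in place of the `.html()` string concatenation: the record number and token are encoded before they enter the URL, and the iframe is built through DOM calls so the URL only ever lands in an attribute value and is never parsed as HTML. The helper names buildReportUrl, frameAttributes and mountReportFrame are my own; mlite.url, mlite.admin, mlite.token, no_rkm_medis and the /jasper/coverrm/ route come from the PR.

```javascript
// Added example (not mlite project code). Builds the report URL with every
// untrusted piece encoded and mounts the iframe via DOM APIs, so the value of
// no_rkm_medis can neither change the route nor be reinterpreted as markup.
// buildReportUrl, frameAttributes and mountReportFrame are hypothetical names.

function buildReportUrl(baseURL, report, recordNo, token) {
  // Path segments: encodeURIComponent turns "/", "?", "#" and '"' into %XX
  // escapes, so a record number cannot add a path segment, start a query
  // string, or close an attribute if the URL were ever echoed into markup.
  const path = baseURL + '/jasper/' + encodeURIComponent(report) +
               '/' + encodeURIComponent(recordNo);
  // Query string: URLSearchParams applies the same encoding to the token.
  const query = new URLSearchParams({ t: token });
  return path + '?' + query.toString();
}

// Attribute map for the frame. Feeding a map to jQuery's $('<iframe>', map)
// or to setAttribute keeps the URL out of any HTML string.
function frameAttributes(loadURL) {
  return { src: loadURL, frameborder: '0', width: '100%', height: '100%' };
}

// Replaces the contents of `container` with a wrapper div holding the report
// iframe and returns the iframe. `doc` defaults to the browser document; a
// minimal stand-in can be passed so the function runs outside a browser.
function mountReportFrame(container, loadURL, doc) {
  doc = doc || document;
  // Clear previous content node by node instead of via .html('') parsing.
  while (container.firstChild) container.removeChild(container.firstChild);
  const wrapper = doc.createElement('div');
  wrapper.setAttribute('style',
    'text-align:center;margin:20px auto;width:90%;height:95%;');
  const iframe = doc.createElement('iframe');
  const attrs = frameAttributes(loadURL);
  for (const name of Object.keys(attrs)) iframe.setAttribute(name, attrs[name]);
  wrapper.appendChild(iframe);
  container.appendChild(wrapper);
  return iframe;
}

// Browser usage, wired the way the PR's click handlers are (assumed names):
//   var baseURL = mlite.url + '/' + mlite.admin;
//   var loadURL = buildReportUrl(baseURL, 'coverrm', no_rkm_medis, mlite.token);
//   mountReportFrame(document.getElementById('modal_cetak_cover_rm'), loadURL);
//   $('#modal_cetak_cover_rm').modal('show');
```

The `doc` parameter exists only so the mounting logic can be exercised without a real DOM; in the page it is omitted and the global `document` is used. Both print handlers in each plugin can share these three functions, which removes the duplicated blocks the autofix suggestions would otherwise leave behind.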
var baseURL = mlite.url + '/' + mlite.admin;
event.preventDefault();
var loadURL = baseURL + '/jasper/odontogram/' + no_rawat.replace(/\//g,'') + '?t=' + mlite.token;
$("#modal_cetak_odontogram").modal('show').html('<div style="text-align:center;margin:20px auto;width:90%;height:95%;"><iframe src="' + loadURL + '" frameborder="no" width="100%" height="100%"></iframe></div>');

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.
@basoro basoro merged commit 2e275a9 into master Nov 30, 2024