Oct 1 2024 stuff -- build-on-dev #2226
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| history.push(ROUTES_COMPLIANCE.REPORTS) | ||
| history.replace( | ||
| ROUTES_COMPLIANCE.REPORT_CONSUMER_SALES.replace(':id', id) | ||
| ROUTES_COMPLIANCE.REPORT_CONSUMER_SALES.replace(/:id/g, id) |
Check failure
Code scanning / CodeQL
Client-side cross-site scripting High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 1 month ago
To fix the problem, we need to sanitize the id parameter before using it in the URL. This can be done by ensuring that the id parameter only contains safe characters. A common approach is to use a library like DOMPurify to sanitize the input or to use a regular expression to allow only alphanumeric characters.
In this case, we will use a regular expression to allow only alphanumeric characters in the id parameter. This will prevent any malicious scripts from being included in the URL.
Suggested changeset
1
frontend/src/compliance/ConsumerSalesContainer.js
| @@ -30,3 +30,4 @@ | ||
| const [forecastTotals, setForecastTotals] = useState({}) | ||
| const { id } = useParams() | ||
| const { id: rawId } = useParams() | ||
| const id = rawId.replace(/[^a-zA-Z0-9]/g, '') | ||
|
|
Copilot is powered by AI and may make mistakes. Always verify output.
tim738745
force-pushed
the
oct_1_2024_stuff_v2
branch
from
8ba592e
to
30a7567
Compare
tim738745
changed the title
* initial commit * small change * sales forecast backend
* feat: 2204 and 2209 = sales forecast * some changes * wording changes * some changes
…ZEVs supplied (#2231) * feat: 2219 - forecast report colum mapping + automatic summation of ZEVs supplied * small change * fix totals display upon discard of records
…t-disposition is not an exposed header
tim738745
force-pushed
the
oct_1_2024_stuff_v2
branch
from
afc5a5a
to
af8c61a
Compare
emi-hi
approved these changes
Sep 25, 2024
JulianForeman
approved these changes
Sep 25, 2024
|
kuanfandevops
added a commit
that referenced
this pull request
Oct 1, 2024
* initial update for 1.61.0 * udpate pr number * fix - adds is_government to basic user serializer (#2276) * Oct 1 2024 stuff -- build-on-dev (#2226) * feat: 2207 - sales forecast (#2211) * initial commit * small change * sales forecast backend * feat: 2204 and 2209 - sales forecast (#2218) * feat: 2204 and 2209 = sales forecast * some changes * wording changes * some changes * oct 1 stuff - spreadsheet column name changes (#2225) * address codeQL-raised issue * Task: Frontend Spreadsheet Record Validation #2220 (#2228) * Frontend validation for SalesForecastRecord records. * Fixing casing * Cleanup * feat: 2219 - forecast report column mapping + automatic summation of ZEVs supplied (#2231) * feat: 2219 - forecast report colum mapping + automatic summation of ZEVs supplied * small change * fix totals display upon discard of records * feat: 2221 - some styling (#2236) * Task: Sales Forecast Report Checkbox Assertion #2222 (#2232) * Adding new signing authority assertion for Sales Forecast * Cleaning up * wording changes * formatting * fix: amend download() function to take into account case where content-disposition is not an exposed header * update template * spreadsheet validation updates * spreadsheet validation cleanup * Added message for a successful or unsuccessful upload (#2278) Co-authored-by: julianforeman <julianforeman@me.com> * cleanup --------- Co-authored-by: JulianForeman <71847719+JulianForeman@users.noreply.github.com> Co-authored-by: julianforeman <julianforeman@me.com> * fix: comment edit (#2277) * fix: adds context to update comment * chore: removes extra spaces --------- Co-authored-by: Emily <44536222+emi-hi@users.noreply.github.com> Co-authored-by: tim738745 <98717409+tim738745@users.noreply.github.com> Co-authored-by: JulianForeman <71847719+JulianForeman@users.noreply.github.com> Co-authored-by: julianforeman <julianforeman@me.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.