Tracking pull request to merge release-1.61.0 to master #2270
Conversation
* feat: 2207 - sales forecast (#2211) * initial commit * small change * sales forecast backend * feat: 2204 and 2209 - sales forecast (#2218) * feat: 2204 and 2209 = sales forecast * some changes * wording changes * some changes * oct 1 stuff - spreadsheet column name changes (#2225) * address codeQL-raised issue * Task: Frontend Spreadsheet Record Validation #2220 (#2228) * Frontend validation for SalesForecastRecord records. * Fixing casing * Cleanup * feat: 2219 - forecast report column mapping + automatic summation of ZEVs supplied (#2231) * feat: 2219 - forecast report colum mapping + automatic summation of ZEVs supplied * small change * fix totals display upon discard of records * feat: 2221 - some styling (#2236) * Task: Sales Forecast Report Checkbox Assertion #2222 (#2232) * Adding new signing authority assertion for Sales Forecast * Cleaning up * wording changes * formatting * fix: amend download() function to take into account case where content-disposition is not an exposed header * update template * spreadsheet validation updates * spreadsheet validation cleanup * Added message for a successful or unsuccessful upload (#2278) Co-authored-by: julianforeman <julianforeman@me.com> * cleanup --------- Co-authored-by: JulianForeman <71847719+JulianForeman@users.noreply.github.com> Co-authored-by: julianforeman <julianforeman@me.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| history.push(ROUTES_COMPLIANCE.REPORTS) | ||
| history.replace( | ||
| ROUTES_COMPLIANCE.REPORT_CONSUMER_SALES.replace(':id', id) | ||
| ROUTES_COMPLIANCE.REPORT_CONSUMER_SALES.replace(/:id/g, id) |
Check failure
Code scanning / CodeQL
Client-side cross-site scripting High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 1 month ago
To fix the problem, we need to sanitize the id parameter before using it in the URL. This can be done by ensuring that the id parameter only contains safe characters. A common approach is to use a library like DOMPurify to sanitize the input or to use a regular expression to allow only alphanumeric characters.
In this case, we will use a regular expression to allow only alphanumeric characters in the id parameter. This will prevent any malicious scripts from being included in the URL.
| @@ -30,3 +30,4 @@ | ||
| const [forecastTotals, setForecastTotals] = useState({}) | ||
| const { id } = useParams() | ||
| const { id: rawId } = useParams() | ||
| const id = rawId.replace(/[^a-zA-Z0-9]/g, '') | ||
|
|
* fix: adds context to update comment * chore: removes extra spaces
|
No description provided.