Fix XSS security vulnerability #2072
Codecov Report
@@ Coverage Diff @@
## dev #2072 +/- ##
============================================
+ Coverage 67.73% 67.75% +0.01%
Complexity 4907 4907
============================================
Files 128 128
Lines 21190 21198 +8
============================================
+ Hits 14354 14362 +8
Misses 6836 6836
@arzola will you add a reference to the issue addressed by this PR in the PR description as well as any information the reviewer/tester might need to review/test this PR? See https://github.com/pressbooks/pressbooks-lti-provider-1p3/pull/126 or #2070 for two previous examples.
@SteelWagstaff @richard015ar I added the description; I think it's now ready for review, thanks.
LGTM! Thank you, Oscar!
Related issues #2066 and #404
This security fix cleans and sanitizes the metadata book info metaboxes to prevent XSS attacks on fields that allow HTML input; it uses htmLawed to filter and sanitize the input values.
How to test
Requirements:
Steps:
Notes
Two tests were added
Functional test
Unit test