secure-code-warrior-for-github[bot]
commented
3 months ago Micro-Learning Topic: Cross-site scripting (Detected by phrase)
Matched on "xss"
Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.
Try a challenge in Secure Code Warrior
Helpful references
- Prevent Cross-Site Scripting (XSS) in ASP.NET Core - A detailed Microsoft article on how to prevent cross-site scripting in ASP.NET Core.
- OWASP Cross Site Scripting (XSS) Software Attack - OWASP community page with comprehensive information about cross site scripting, and links to various OWASP resources to help detect or prevent it.
- OWASP Cross Site Scripting Prevention Cheat Sheet - This article provides a simple positive model for preventing XSS using output encoding properly.
difflens[bot]
This PR contains the following updates:
v2.9.0->v2.9.1Release Notes
step-security/harden-runner (step-security/harden-runner)
### [`v2.9.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.9.0...v2.9.1) ##### What's Changed Release v2.9.1 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [#440](https://togithub.com/step-security/harden-runner/issues/440) This release includes two changes: 1. Updated markdown displayed in the job summary by the Harden-Runner Action. 2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list. **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.9.1Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.