-
Tracking issue for:
- [ ] https://github.com/yihong1120/Construction-Hazard-Detection/security/code-scanning/20
-
Tracking issue for:
- [ ] https://github.com/yihong1120/Construction-Hazard-Detection/security/code-scanning/21
-
When a search engine is enabled, if I type in the address bar a single word, then the page loads as https://`thatword`/. However, if I type multiple words, it works as expected.
If I put in the follow…
-
**Describe the problem**
Management URLs are not sanitized against user input. If the user enters invalid characters nothing happens when they click connect and they are left scratching their heads…
-
## Background
Determine that the URL does exist and is not using XSS
## Acceptance Criteria
- [ ] Suggest design
- [ ] On FE, prevent invalid/unsafe urls from being used
- [ ] On BE, for redu…
-
https://github.com/Saijin-Naib/UAVArena/security/code-scanning/1
```
main.js:146
```
```
Tool: CodeQL
Rule ID: js/incomplete-url-substring-sanitization
Query: [View source](https://github.com/github/co…
```
-
### Issue Summary
With `ui/safe` enabled, it's still possible to render `javascript:` protocol links by including `\n` or `\r` characters in the protocol.
### Steps to Reproduce:
Go to this c…
-
### Question
I'm struggling to prevent sensitive URLs from being captured and sent to Datadog in my React Native application.
I'm using resourceEventMapper to sanitize URLs before they're sent, bu…
-
Ensure the clone url is always a url. We currently trust that the clone url doesn't contain harmful content.
-
## User Story
In order to ensure CKAN follows best security practices regarding sanitizing inputs, data.gov wants to audit URL parameters in CKAN in order to ensure all URL inputs are properly sani…