btylerburton
commented
1 month ago Hat tip to Github Copilot for this one. @FuhuXia I think we can leave off updating USWDS for now since this fixed the vulnerability.
Closed btylerburton closed 1 month ago
btylerburton
commented
1 month ago Hat tip to Github Copilot for this one. @FuhuXia I think we can leave off updating USWDS for now since this fixed the vulnerability.
btylerburton
commented
1 month ago Related to:
Fixes https://github.com/GSA/data-strategy/security/code-scanning/1
To fix the problem, we need to ensure that backslashes in the
idvariable are properly escaped before it is used in the query selector. This can be done by modifying theid.replacemethod to also escape backslashes. We will use a regular expression with the global flag to replace all occurrences of backslashes and double quotes.id.replacemethod on line 1212 to escape both backslashes and double quotes.replacemethod includes the global flag to replace all occurrences.Suggested fixes powered by Copilot Autofix. Review carefully before merging.