department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:

https://depo-platform-documentation.scrollhelp.site/index.html

278 stars 195 forks source link

Client-side cross-site scripting #85132

Open pjhill opened 1 month ago

pjhill commented 1 month ago

Description

https://github.com/department-of-veterans-affairs/vets-website/security/code-scanning/1019

Acceptance Criteria

[ ] XSS issue with src/applications/terms-of-use/components/MyVAHealth.jsx:42 has been resolved

asg5704 commented 3 weeks ago

@pjhill This is a false positive. In the parseRedirectUrl function we sanitize the URL before any redirects. Happy to collaborate if there are any concerns.