newrelic / nr1-workload-geoops

NR1 Workload Geo Ops aligns Workload data (or other Entities) in a Geographic management console.
Apache License 2.0

Fix vulnerability in Geo Ops App #150

Closed jpvajda closed 3 years ago

jpvajda commented 3 years ago

See JIRA ISSUE InfoSec-3208 for details.

rudouglas commented 3 years ago

@jpvajda added a fix so we check if the Runbook URL is safe before rendering the link. It won't render the button if it fails the check:

[Image: Screenshot 2021-05-05 at 11 50 08]

Used Alec's Util from the nr1-github XSS fix: https://github.com/newrelic/nr1-github/blob/efdec062109c175d0d87d2426d17b1f99185fc22/nerdlets/shared/utils.js#L6
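One way to implement the check described in the comment above, as an added example that is neither this project's code nor the linked nr1-github util. The names `isSafeUrl` and `runbookLinkProps`, the http/https allow-list and the sample values are assumptions made for illustration.

```javascript
// Added example (not the project's code). All names here are hypothetical.
// Assumption: a runbook link is only ever expected to be an absolute http(s) URL.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns true only when the value parses as an absolute URL with an allowed scheme.
function isSafeUrl(value) {
  if (typeof value !== 'string') return false;
  let parsed;
  try {
    // The WHATWG URL parser trims surrounding whitespace, drops embedded
    // tabs/newlines and lowercases the scheme, so the allow-list is compared
    // against the scheme the browser itself would act on.
    parsed = new URL(value);
  } catch (err) {
    return false; // relative, empty or malformed input
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol);
}

// Returns the props for the runbook link, or null when the button must not render.
function runbookLinkProps(runbookUrl) {
  if (!isSafeUrl(runbookUrl)) return null;
  return {
    href: new URL(runbookUrl).href, // normalized form of the checked value
    target: '_blank',
    rel: 'noopener noreferrer'
  };
}

// Constructed sample values, not taken from the issue.
const SAMPLES = [
  'https://example.com/runbooks/db-failover',
  'HTTP://example.com/a',
  '  JaVaScRiPt:void(0)',
  'java\tscript:void(0)',
  'data:text/html,hi',
  '/runbooks/db-failover',
  ''
];

// Maps each sample to whether the button would render.
function classifySamples() {
  return SAMPLES.map((value) => runbookLinkProps(value) !== null);
}

console.log(classifySamples());
```

In a React component the caller would render the button only when `runbookLinkProps` returns a non-null value, matching the "won't render the button if it fails the check" behaviour.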