search

rodpolako / Chess-PGN-Trainer

Online tool that opens chess PGN files and allows the user to practice the moves. This tool is to help with drilling, as efficiently as possible, a set group of puzzles/games in an appropriately configured PGN file. Once the set is complete, the player sees how many errors they made as well as how long the set took to complete.
MIT License
4 stars 1 forks source link

Fix code scanning alert - Inclusion of functionality from an untrusted source #4

Open rodpolako opened 1 month ago

rodpolako commented 1 month ago

Tracking issue for:

rodpolako commented 1 month ago

Fixes needed:

Update link to JQueryUI <script src="https://code.jquery.com/ui/1.13.2/jquery-ui.js" integrity="sha384-EZJUCwX9EfOmrML5/1WejmhFx/azi54nnVfOndPu+VTQKOHabXXC9eS7VFdkLz0V" crossorigin="anonymous"></script>

Update link to JQuery <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js" integrity="sha384-NXgwF8Kv9SSAr+jemKKcbvQsz+teULH/a5UNJvZc6kP47hZgl62M1vGnw6gHQhb1" crossorigin="anonymous"></script>

May also want to remove dependency on local copy of chess.js and instead use direct link: <script src="https://cdnjs.cloudflare.com/ajax/libs/chess.js/0.10.2/chess.js" integrity="sha384-s3XgLpvmHyscVpijnseAmye819Ee3yaGa8NxstkJVyA6nuDFjt59u1QvuEl/mecz" crossorigin="anonymous"></script>

Will include in next release.