To fix the reflected cross-site scripting vulnerability, we need to ensure that any user-controlled input is properly sanitized or escaped before being included in the HTTP response. In this case, we can use the html.EscapeString function from the html package to escape any potentially dangerous characters in the githubReqID before including it in the resp.body.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/runatlantis/atlantis/security/code-scanning/12
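The fix the description above proposes, shown as an added, self-contained example rather than the Atlantis code the PR changes: a request-supplied identifier is first echoed unchanged (the pattern the code-scanning alert reports) and then passed through html.EscapeString before it reaches the response body. The handler, the route and the header name X-GitHub-Delivery that stands in for the source of githubReqID are assumptions for this example; the PR only names the variable.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/http/httptest"
)

// Assumed for this example: where githubReqID is read from. The PR text
// only names the variable, not the header behind it.
const deliveryHeader = "X-GitHub-Delivery"

// vulnerableBody shows the pattern the alert flags: the request-supplied
// identifier is copied into the response body unchanged.
func vulnerableBody(githubReqID string) string {
	return "Processing request " + githubReqID
}

// escapedBody applies the fix described in the PR: html.EscapeString turns
// <, >, &, ' and " into HTML entities, so the value is rendered as text
// and cannot open or close markup wherever the response is displayed.
func escapedBody(githubReqID string) string {
	return "Processing request " + html.EscapeString(githubReqID)
}

// handler is a hypothetical endpoint standing in for the events handler.
// It echoes the header value using the escaped form. Declaring a plain
// text content type and nosniff is defence in depth on top of escaping.
func handler(w http.ResponseWriter, r *http.Request) {
	githubReqID := r.Header.Get(deliveryHeader)
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	fmt.Fprint(w, escapedBody(githubReqID))
}

// responseFor drives handler through httptest so the behaviour can be
// checked offline; it returns the status code and the body that was sent.
func responseFor(githubReqID string) (int, string) {
	req := httptest.NewRequest(http.MethodPost, "/events", nil)
	req.Header.Set(deliveryHeader, githubReqID)
	rec := httptest.NewRecorder()
	handler(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	// Constructed sample inputs: a benign-looking id and one carrying
	// markup characters, to show what escaping changes.
	for _, id := range []string{"7c3f1a2e-0000-4000-8000-000000000001", "<b>id</b>"} {
		code, body := responseFor(id)
		fmt.Printf("%d %q (unescaped would be %q)\n", code, body, vulnerableBody(id))
	}
}
```

Note that html.EscapeString only neutralises the five characters that matter in an HTML text context; it is the right tool here because the value is concatenated straight into the body, but it is not a substitute for context-aware escaping if the same value were later placed inside an attribute, a URL or a script block.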