search

v8 / node

Node.js JavaScript runtime :sparkles::turtle::rocket::sparkles:
https://nodejs.org
Other
171 stars 66 forks source link

Update timeline-track-stacked-base.mjs DOM text reinterpreted as HTML #184

Closed Shivam7-1 closed 6 months ago

Shivam7-1 commented 6 months ago

By using innerText, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.

Shivam7-1 commented 6 months ago

Hi @victorgomes Could You Please Review This PR Thanks

Shivam7-1 commented 6 months ago

Hi @victorgomes Could You Please Review This PR Thanks

Shivam7-1 commented 6 months ago

Hi @pthier Could You Please Review This PR Thanks

pthier commented 6 months ago

Hi, this is the wrong repo for this change. This should be done directly in the v8 repository (not the node clone). See https://v8.dev/docs/contribute

Shivam7-1 commented 6 months ago

Hi @pthier Thanks For Replying So Should I Close this PR Overhere ?

Because as I Don't see this File name in V8 Repo Thanks

pthier commented 6 months ago

Yes, let's close this PR. The file is in tools/system-analyzer/... in the v8 checkout.

Besides that, I don't think the change makes a lot of sense. The line you are changing only clears the value. There is no user-controlled input involved.

Shivam7-1 commented 5 months ago

Hi @pthier Thanks For Response Could You Please Help me out I am facing error while while creating PR in V8 Repo whenever i try to push changes i am getting this error remote: INVALID_ARGUMENT: Request contains an invalid argument remote: [type.googleapis.com/google.rpc.LocalizedMessage] remote: locale: "en-US" remote: message: "Invalid authentication credentials. Please generate a new identifier: https://chromium.googlesource.com/new-password" remote: remote: [type.googleapis.com/google.rpc.RequestInfo] remote: request_id: "ece278af4330446a8e9668e0c0b225e3" fatal: unable to access 'https://chromium.googlesource.com/v8/v8.git/': The requested URL returned error: 400

As i Dont have @chromium.com or any google email id i had used personal one i had also visited to https://chromium.googlesource.com/new-password for password changes i had added to all mentioned things to this file .gitcookies but still getting above error Could You Please Help me How can i resolve this Problem Thanks