Skip to content

Prevent HTML/XSS Injection in Scala Search #19980

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 19, 2024
Merged

Prevent HTML/XSS Injection in Scala Search #19980

merged 1 commit into from
Mar 19, 2024

Conversation

@avivkeller
Copy link
Contributor

@avivkeller avivkeller commented Mar 19, 2024

This PR fixes the _layouts/search.html file to use innerText rather than innerHTML. This will prevent the ability to inject HTML/XSS into the code of the page.

@nicolasstucki
Copy link
Contributor

nicolasstucki commented Mar 19, 2024

@redyetidev you will need to sign the CLA here https://www.lightbend.com/contribute/cla/scala

@avivkeller
Copy link
Contributor Author

avivkeller commented Mar 19, 2024

Thanks! It is now signed!

@nicolasstucki nicolasstucki requested a review from Florian3k March 19, 2024 13:17
@Florian3k Florian3k merged commit 4554131 into scala:main Mar 19, 2024
@avivkeller avivkeller deleted the patch-1 branch March 19, 2024 16:06
@Kordyjan Kordyjan added this to the 3.4.2 milestone Mar 28, 2024
WojciechMazur pushed a commit that referenced this pull request Jul 3, 2024
@avivkeller @WojciechMazur
Prevent HTML/XSS Injection in Scala Search (#19980)
22a5408 
This PR fixes the `_layouts/search.html` file to use `innerText` rather
than `innerHTML`. This will prevent the ability to inject HTML/XSS into
the code of the page.
[Cherry-picked 4554131]
@WojciechMazur WojciechMazur mentioned this pull request Jul 3, 2024
Merged
WojciechMazur pushed a commit that referenced this pull request Jul 3, 2024
@avivkeller @WojciechMazur
Prevent HTML/XSS Injection in Scala Search (#19980)
12ab576 
This PR fixes the `_layouts/search.html` file to use `innerText` rather
than `innerHTML`. This will prevent the ability to inject HTML/XSS into
the code of the page.
[Cherry-picked 4554131]
WojciechMazur pushed a commit that referenced this pull request Jul 3, 2024
@avivkeller @WojciechMazur
Prevent HTML/XSS Injection in Scala Search (#19980)
1f761bb 
This PR fixes the `_layouts/search.html` file to use `innerText` rather
than `innerHTML`. This will prevent the ability to inject HTML/XSS into
the code of the page.
[Cherry-picked 4554131]
WojciechMazur added a commit that referenced this pull request Jul 4, 2024
@WojciechMazur
Backport "Prevent HTML/XSS Injection in Scala Search" to LTS (#21005)
29c9888 
Backports #19980 to the LTS branch.

PR submitted by the release tooling.
[skip ci]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Florian3k Florian3k Florian3k approved these changes

Assignees

@Florian3k Florian3k

Labels

None yet

Projects

None yet

Milestone

3.4.2

Development

Successfully merging this pull request may close these issues.

4 participants

@avivkeller @nicolasstucki @Florian3k @Kordyjan