[documentation] Add to CHANGELOG #8473

Merged
merged 1 commit into from
Mar 28, 2023

CamilleBeau
Contributor

Brief summary of changes

Adds to Changelog for #7491 and #7772

  • Have you updated related documentation?

@CamilleBeau CamilleBeau added this to the 25.0.0 milestone Mar 22, 2023
@CamilleBeau CamilleBeau added the Documentation PR or issue introducing/requiring modifications to the code documentation (test plans, wikis, docs) label Mar 22, 2023
@@ -24,6 +24,8 @@ changes in the following format: PR #1234***
- BVL Feedback widget only shows notifications for the users sites / projects (PR #7848)
- Add Date status change value in session table (PR #8350)
- Fixed the Candidate Age at Death field label and Data Dictionary item for LINST instruments (PR #8362)
- Allow clearing a previously entered consent status in candidate parameters (PR #7772)
- Add code sanitizer before dangerouslySetInnerHTML is used in login to protect against XSS attacks (PR #7491)
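Review bot: The entry for PR #7491 says "code sanitizer", but what gets sanitized before dangerouslySetInnerHTML is HTML markup, and the line does not say whether the rendered login page changes for existing installs. Suggest rewording along the lines of "Sanitize HTML on the login page before it is passed to dangerouslySetInnerHTML, to protect against XSS (PR #7491)", and stating in the entry whether existing projects need to do anything.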
Collaborator

@driusan do you know if the dangerouslySetInnerHTML could cause some HTML to be displayed on the front end now? Does it need an entry in "notes for existing projects"?

Collaborator

It was already using dangerouslySetInnerHTML. It's now still doing that but running it through DOMPurify first.

https://github.com/aces/Loris/pull/7491/files#diff-3ca0f06ecf3edb67af7297ed3f6034843ee1f0e420ab037369c8dab21d90d28cL180

@driusan driusan merged commit 1f3bb49 into aces:main Mar 28, 2023