Prevent HTML/XSS Injection in Scala Search #19980

Merged
merged 1 commit into from
Mar 19, 2024
RedYetiDev
Contributor

This PR fixes the _layouts/search.html file to use innerText rather than innerHTML. This will prevent the ability to inject HTML/XSS into the code of the page.
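
A regression check a reviewer could run over layout files to catch the pattern this PR removes, as an added example that is not part of the PR or the Scala repository: it flags assignments to `innerHTML`/`outerHTML` whose right-hand side is not a constant string literal. `SAMPLE_LAYOUT`, `findHtmlSinks` and `isConstantLiteral` are hypothetical names, and the sample markup is constructed rather than taken from `_layouts/search.html`.

```javascript
// Added example: line-based heuristic, not a JavaScript parser.
// SAMPLE_LAYOUT is constructed for illustration; it is not the project's file.
const SAMPLE_LAYOUT = `
<script>
  const query = new URLSearchParams(location.search).get("q");
  document.getElementById("heading").innerHTML = "Results for " + query;
  document.getElementById("count").innerText = query;
  document.getElementById("footer").innerHTML = "<hr>";
</script>`;

// Assignment (= or +=) to a property that parses its value as markup.
// (?!=) skips comparisons such as `el.innerHTML == x`.
const ASSIGN_SINK = /\.(innerHTML|outerHTML)\s*\+?=(?!=)\s*(.*)$/;

// True only for one quoted string with no concatenation, or a template
// literal with no ${...} substitution. Anything else is treated as dynamic.
function isConstantLiteral(expr) {
  const quoted = /^(["'])(?:\\.|(?!\1)[^\\])*\1$/;
  const template = /^`(?:\\.|[^`\\$]|\$(?!\{))*`$/;
  return quoted.test(expr) || template.test(expr);
}

// Returns one finding per line where a markup sink receives a non-constant
// value. An empty right-hand side (assignment continued on the next line)
// is reported too, so the check fails closed.
function findHtmlSinks(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    const match = ASSIGN_SINK.exec(text);
    if (!match) return;
    const expr = match[2].trim().replace(/;\s*$/, "");
    if (!isConstantLiteral(expr)) {
      findings.push({ line: index + 1, sink: match[1], expr });
    }
  });
  return findings;
}

for (const f of findHtmlSinks(SAMPLE_LAYOUT)) {
  console.log(`line ${f.line}: ${f.sink} = ${f.expr}`);
}
```

The `innerText` assignment and the constant `"<hr>"` assignment in the sample are not reported; only the line that concatenates the query into `innerHTML` is.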

@nicolasstucki
Contributor

@RedYetiDev you will need to sign the CLA here https://www.lightbend.com/contribute/cla/scala

@RedYetiDev
Contributor Author

Thanks! It is now signed!

@Florian3k Florian3k merged commit 4554131 into scala:main Mar 19, 2024
19 checks passed
@RedYetiDev RedYetiDev deleted the patch-1 branch March 19, 2024 16:06
@Kordyjan Kordyjan added this to the 3.4.2 milestone Mar 28, 2024
WojciechMazur pushed a commit that referenced this pull request Jul 3, 2024
This PR fixes the `_layouts/search.html` file to use `innerText` rather
than `innerHTML`. This will prevent the ability to inject HTML/XSS into
the code of the page.
[Cherry-picked 4554131]
WojciechMazur added a commit that referenced this pull request Jul 4, 2024
Backports #19980 to the LTS branch.

PR submitted by the release tooling.
[skip ci]