
GENAI=YES|fix(security): prevent XSS injection in notifications display#11

Open
ulla899habeeb wants to merge 1 commit into AuthorizeNet:master from ulla899habeeb:AI_sast_10683

Conversation

@ulla899habeeb

  • Add escapeHtml() function to sanitize user-controlled data
  • Escape eventDate, eventType, and formatedPayload before innerHTML insertion
  • Implement HMAC signature verification on POST /notifications endpoint
  • Remove 'unsafe-inline' from CSP scriptSrc directive
  • Add webhookSecret configuration for webhook authentication


1 participant