Fix link and embed XSS in examples #5688

Merged
dylans merged 1 commit into ianstormtaylor:main from 12joan:fix/xss
Aug 1, 2024

@12joan 12joan commented Jul 30, 2024

Description
The example code for links and embeds is vulnerable to XSS. This PR resolves the issue by explicitly checking the URL protocol.

Example
Before:

recording.mp4

Checks

  • The new code matches the existing patterns and styles.
  • The tests pass with yarn test.
  • The linter passes with yarn lint. (Fix errors with yarn fix.)
  • The relevant examples still work. (Run examples with yarn start.)
  • You've added a changeset if changing functionality. (Add one with yarn changeset add.)
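
An added example, not code from this PR or the Slate repository: one way to check a URL's protocol against an allow-list before it reaches a link `href` or an embed `src`. The function names, the allowed scheme lists and the sample inputs are assumptions made for illustration.

```javascript
// Added example; not code from the PR or the Slate repository.
// The allow-lists below are assumptions chosen for illustration.
const LINK_PROTOCOLS = new Set(['http:', 'https:', 'mailto:', 'tel:'])
const EMBED_PROTOCOLS = new Set(['https:'])

// Return the normalized URL if its scheme is allow-listed, otherwise null.
function safeUrl(raw, allowed) {
  if (typeof raw !== 'string') return null
  let parsed
  try {
    // The WHATWG URL parser trims leading/trailing spaces and control
    // characters, drops tabs and newlines, and lower-cases the scheme, so
    // the comparison sees the scheme in canonical form.
    parsed = new URL(raw)
  } catch {
    return null // relative or malformed input has no scheme to check
  }
  return allowed.has(parsed.protocol) ? parsed.href : null
}

const safeLinkHref = raw => safeUrl(raw, LINK_PROTOCOLS)
const safeEmbedSrc = raw => safeUrl(raw, EMBED_PROTOCOLS)

// Constructed sample inputs, as they might arrive from a link dialog or paste.
const samples = [
  'https://example.com/page',
  'mailto:someone@example.com',
  'javascript:alert(1)',
  ' JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,<p>x</p>',
  '/relative/path',
]
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeLinkHref(s), '|', safeEmbedSrc(s))
}
```

When the function returns null, render the element without an `href` or `src` (or with an inert value). Run the check at render time so that stored and pasted document content is covered as well as typed input.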

changeset-bot Bot commented Jul 30, 2024

⚠️ No Changeset found

Latest commit: 49b11a8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@dylans dylans merged commit a6910b7 into ianstormtaylor:main Aug 1, 2024
@12joan 12joan deleted the fix/xss branch October 1, 2024 08:27