Ramadan Release #2330
Ramadan Release #2330
Conversation
fix font files
* QF-984 add support for multiple authors per learning plan * QF-985 Add multiple learning plan editors (#2218)
Add MS locale support
Co-authored-by: Ahmed Hussein <[email protected]>
* Add the ability to embed iframes in markdown * Fix TS issue * Fix TS issue * Fix TS issue * Fix TS issue
* introduced proxy to backend with redirect to auth * feat: introduced signature generation for interecting with api gateway * fix: added documentation and resolved some changes requested * adds documentation * fix: added comment to explain the purpose of [...path] file * Fix linting issues * fix: added support for content and auth service through API gateway * fix: resolve build issue for static props building * fix: fixed env var name --------- Co-authored-by: Osama Sayed <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| return getFormErrors(t, ErrorType.API, errors); | ||
| } | ||
|
|
||
| router.push(redirect || '/'); |
Check failure
Code scanning / CodeQL
Client-side cross-site scripting High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 10 hours ago
To fix the problem, we need to ensure that the redirect parameter is properly sanitized before being used in the router.push function. The best way to do this is to use a library that provides URL validation and sanitization functions. One such library is validator, which offers a isURL function to validate URLs.
We will:
- Import the
validatorlibrary. - Use the
isURLfunction to validate theredirectparameter. - If the
redirectparameter is not a valid URL, we will default to the root URL ('/').
| @@ -4,2 +4,3 @@ | ||
| import useTranslation from 'next-translate/useTranslation'; | ||
| import validator from 'validator'; | ||
|
|
||
| @@ -62,3 +63,4 @@ | ||
|
|
||
| router.push(redirect || '/'); | ||
| const safeRedirect = redirect && validator.isURL(redirect) ? redirect : '/'; | ||
| router.push(safeRedirect); | ||
| return undefined; | ||
| @@ -102,3 +104 @@ | ||
| }; | ||
|
|
||
| export default SignInForm; |
| @@ -115,3 +115,4 @@ | ||
| "swr": "1.2.1", | ||
| "xstate": "^4.33.6" | ||
| "xstate": "^4.33.6", | ||
| "validator": "^13.12.0" | ||
| }, |
| Package | Version | Security advisories |
| validator (npm) | 13.12.0 | None |
| return getFormErrors(t, ErrorType.API, errors); | ||
| } | ||
|
|
||
| router.push(redirect || '/'); |
Check warning
Code scanning / CodeQL
Client-side URL redirect Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 10 hours ago
To fix the problem, we need to ensure that the redirect parameter is validated against a list of authorized URLs before performing the redirection. This can be achieved by maintaining a list of allowed redirect URLs and checking if the redirect parameter matches any of these URLs before calling router.push.
- Create a list of authorized redirect URLs.
- Validate the
redirectparameter against this list. - Only perform the redirection if the
redirectparameter is in the list of authorized URLs; otherwise, redirect to a default safe URL.
| @@ -62,3 +62,5 @@ | ||
|
|
||
| router.push(redirect || '/'); | ||
| const authorizedRedirects = ['/', '/dashboard', '/profile']; // Add authorized URLs here | ||
| const safeRedirect = authorizedRedirects.includes(redirect) ? redirect : '/'; | ||
| router.push(safeRedirect); | ||
| return undefined; |
No description provided.