Skip to content

Fix security issues in strikes page#71

Merged
mcgdj merged 1 commit intomainfrom
mentat-69-1
Apr 22, 2025
Merged

Fix security issues in strikes page#71
mcgdj merged 1 commit intomainfrom
mentat-69-1

Conversation

@mentatbot
Copy link
Contributor

@mentatbot mentatbot bot commented Apr 22, 2025

Address security issues identified by code scanning:

  1. Added integrity and crossorigin attributes to the jQuery script to prevent potential supply chain attacks
  2. Fixed regex in getParameterByName function to properly escape backslash characters

This PR improves the security of the strikes page that was fixed in PR #70.

🤖 See my steps and cost here

  • Wake on any new activity.

@mentatbot
Fix security issues in strikes page
9d9d691 
Address security issues identified by code scanning:
1. Added integrity and crossorigin attributes to the jQuery script to prevent potential supply chain attacks
2. Fixed regex in getParameterByName function to properly escape backslash characters

This PR improves the security of the strikes page that was fixed in PR # 70.
@mentatbot mentatbot bot mentioned this pull request Apr 22, 2025
Closed
@mentatbot mentatbot bot requested a review from mcgdj April 22, 2025 01:16
@github-actions
Copy link

github-actions bot commented Apr 22, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@github-actions github-actions bot requested a review from Fluffy728 April 22, 2025 01:16
@mentatbot
Copy link
Contributor Author

mentatbot bot commented Apr 22, 2025

This PR addresses security issues identified by GitHub's code scanning after PR #70 was merged.

Security improvements:

  1. Added integrity and crossorigin attributes to jQuery script

    • Prevents potential supply chain attacks by validating the content of the loaded script
    • Changes protocol-relative URL to explicit HTTPS

  2. Fixed regex escaping in getParameterByName function

    • Now properly escapes backslash characters in addition to square brackets
    • Prevents potential security vulnerabilities in URL parameter handling

These changes don't affect functionality but improve the security posture of the page.

@mcgdj mcgdj merged commit 59a412c into main Apr 22, 2025
5 checks passed
mcgdj
mcgdj reviewed Apr 22, 2025
View reviewed changes
Copy link
Collaborator

@mcgdj mcgdj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great; that fixed the JS error for me.

@mcgdj mcgdj deleted the mentat-69-1 branch April 22, 2025 01:19
@mentatbot
Copy link
Contributor Author

mentatbot bot commented Apr 22, 2025

Thank you for reviewing and merging this security fix! Glad to hear the JavaScript error is resolved. The strikes page should now be both functional and secure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcgdj mcgdj mcgdj left review comments

@Fluffy728 Fluffy728 Awaiting requested review from Fluffy728

Assignees

@Fluffy728 Fluffy728

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mcgdj @Fluffy728