Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(showcase): prevent arbitrary url evaluation #1955

Merged
merged 1 commit into from
Jul 17, 2024
Merged

fix(showcase): prevent arbitrary url evaluation #1955

merged 1 commit into from
Jul 17, 2024

Conversation

fpaul-1A
Copy link
Contributor

@fpaul-1A fpaul-1A commented Jul 8, 2024

Proposed change

Related issues

  • 🐛 Fixes #(issue)
  • 🚀 Feature #(issue)

@fpaul-1A fpaul-1A requested a review from a team as a code owner July 8, 2024 12:54
@nx-cloud Nx Cloud
Copy link

nx-cloud bot commented Jul 8, 2024
edited

☁️ Nx Cloud Report

CI is running/has finished running commands for commit 604eba0. As they complete they will appear below. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this CI Pipeline Execution

✅ Successfully ran 1 target

Sent with 💌 from NxCloud.

cpaulve-1A
cpaulve-1A previously approved these changes Jul 8, 2024
View reviewed changes
@fpaul-1A fpaul-1A enabled auto-merge July 8, 2024 15:06
kpanot
kpanot reviewed Jul 9, 2024
View reviewed changes
apps/showcase/src/components/utilities/otter-icon/otter-icon-pres.component.ts Outdated
encapsulation: ViewEncapsulation.None,
changeDetection: ChangeDetectionStrategy.OnPush
})
export class OtterIconPresComponent {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why a component more that a pipe?
Here you just want to calculate the realUrl of an icon (I also think that the alt should not be the url of the icon but a meaningful short description)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree in general that the alt should be a meaningful description, but in that specific case we are displaying the image that has been uploaded to create a pet. There is no description for that image and I thought in that specific case the url was relevant
As for component vs pipe, I used a component with the idea that we could want to change some html/css on these images but at the end it might not be the case, so I'm ok to only use a pipe

@fpaul-1A fpaul-1A added this pull request to the merge queue Jul 17, 2024
Merged via the queue into main with commit 1abcda8 Jul 17, 2024
28 checks passed
@fpaul-1A fpaul-1A deleted the fix/showcase-otter-icon branch July 17, 2024 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpaulve-1A cpaulve-1A cpaulve-1A left review comments

@kpanot kpanot kpanot approved these changes

@vscaiceanu-1a vscaiceanu-1a vscaiceanu-1a approved these changes

Assignees
No one assigned
Labels
bug Something isn't working project:@ama-sdk/schematics project:@o3r/core project:@o3r/showcase
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@fpaul-1A @kpanot @vscaiceanu-1a @cpaulve-1A