fix: [M3-6446] - Fix code scanning alert that DOM text is reinterpreted as HTML #9032

bnussman-akamai · 2023-04-19T18:06:24Z

Description 📝

Fixes https://github.com/linode/manager/security/code-scanning/23
Uses Braintree's sanitize-url because it already is already baked into our repo
- I considered sanitize-html, which we also have installed, but Braintree's sanitize-url seems like a better fit for this use case

Verify that the <ExternalLink /> component still works as expected
- You can test this by clicking links in the Footer
Verify that SupportSearchLanding (http://localhost:3000/support/search/?query=) still works as expected because this is what triggered the alert

cypress · 2023-04-19T18:30:05Z

0	149	3	0	1

Details:

cypress/e2e/account/sms-verification.spec.ts • 1 flaky test

Test		Artifacts
SMS phone verification > can opt into SMS phone verification		`Output` `Screenshots` `Video`

_{This comment has been generated by cypress-bot as a result of this
project's GitHub integration settings.}

jaalah-akamai

🧼 Nice and clean (no pun intended)

sanitize the href in the <a>

47eb19c

bnussman-akamai added Security Pull requests that address a security vulnerability Ready for Review labels Apr 19, 2023

bnussman-akamai self-assigned this Apr 19, 2023

jaalah-akamai approved these changes Apr 20, 2023

View reviewed changes

hana-akamai approved these changes Apr 20, 2023

View reviewed changes

bnussman-akamai merged commit 35cc500 into linode:develop Apr 20, 2023

bnussman-akamai mentioned this pull request May 1, 2023

staging → master for v1.92.0 #9070

Merged