chore: add older versions to gh pages deploy #1697

Status: Open, 1 commit to merge into base: master

joyenjoyer (Contributor):

No description provided.

github-actions bot commented Sep 24, 2024

PR Preview Action v1.4.8
🚀 Deployed preview to https://instructure.github.io/instructure-ui/pr-preview/pr-1697/
on branch gh-pages at 2024-09-27 14:39 UTC

@@ -69,9 +69,12 @@
// If we select the latest version from the dropdown,
// then navigate to the index (instructure.design/#currentHash).
// In every other case eg.: v6,v7 navigate to --> instructure.design/v6/#currentHash
const rootToAdd = window.location.origin.includes('github.io')

Check failure: Code scanning / CodeQL

Incomplete URL substring sanitization (High)

'github.io' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Copilot Autofix AI 9 days ago

To fix the problem, we need to replace the substring check with a more secure method of validating the host of the URL. We will use the URL constructor to parse the URL and then check the host directly. This ensures that the check is performed on the correct part of the URL and cannot be bypassed by embedding the allowed host in an unexpected location.

  1. Parse the URL using the URL constructor.
  2. Check the hostname property of the parsed URL to determine if it matches github.io.

Suggested changeset 1
packages/__docs__/src/Header/index.tsx

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/__docs__/src/Header/index.tsx b/packages/__docs__/src/Header/index.tsx
--- a/packages/__docs__/src/Header/index.tsx
+++ b/packages/__docs__/src/Header/index.tsx
@@ -71,3 +71,4 @@
     // In every other case eg.: v6,v7 navigate to --> instructure.design/v6/#currentHash
-    const rootToAdd = window.location.origin.includes('github.io')
+    const url = new URL(window.location.href);
+    const rootToAdd = url.hostname === 'github.io'
       ? '/instructure-ui'
EOF
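
Review bot: the replacement condition `url.hostname === 'github.io'` can never be true on the deployed site, whose host is `instructure.github.io` (see the preview URL above), so the `'/instructure-ui'` branch would never be selected there. Compare against the full host instead, for example `window.location.hostname === 'instructure.github.io'`; `window.location.hostname` is already parsed, so the extra `new URL(window.location.href)` line is not needed.
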
@@ -71,3 +71,4 @@
// In every other case eg.: v6,v7 navigate to --> instructure.design/v6/#currentHash
const rootToAdd = window.location.origin.includes('github.io')
const url = new URL(window.location.href);
const rootToAdd = url.hostname === 'github.io'
? '/instructure-ui'
Copilot is powered by AI and may make mistakes. Always verify output.
const versionsData = await result.json()

return versionsData
let input = window.location.hostname.includes('github.io')
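
Review bot: `window.location.hostname.includes('github.io')` on the `let input` line is still a substring match, so a host such as `github.io.example.com` (constructed) passes it, and it tests `hostname` where the Header hunk tests `origin`. Use one shared exact comparison in both places, for example `window.location.hostname === 'instructure.github.io'` (the host in the preview URL above).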

Check failure: Code scanning / CodeQL

Incomplete URL substring sanitization (High)

'github.io' can be anywhere in the URL, and arbitrary hosts may come before or after it.
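
The flagged substring check and the Autofix comparison, run side by side with an exact-host check, as an added example (not code from this pull request or from Copilot Autofix). `PAGES_HOST` is taken from the preview URL on this page; the function names and every sample URL are constructed for illustration.

```javascript
// Added example. All sample URLs are constructed.

// Assumption: the deploy host, copied from the preview URL on this page.
const PAGES_HOST = 'instructure.github.io'

// The flagged pattern: 'github.io' may appear anywhere in the origin.
function substringCheck(href) {
  return new URL(href).origin.includes('github.io')
}

// The comparison from the Autofix patch: exact match on the bare suffix.
function autofixCheck(href) {
  return new URL(href).hostname === 'github.io'
}

// Exact match on the full expected host. URL parsing lower-cases the
// hostname, so mixed-case input is normalised before the comparison.
function exactHostCheck(href, expectedHost = PAGES_HOST) {
  let url
  try {
    url = new URL(href)
  } catch {
    return false // unparseable input never matches
  }
  return url.hostname === expectedHost
}

const samples = [
  'https://instructure.github.io/instructure-ui/', // the deploy host
  'https://INSTRUCTURE.GitHub.io/instructure-ui/', // same host, mixed case
  'https://github.io.example.com/instructure-ui/', // allowed name as a prefix
  'https://notgithub.io/instructure-ui/', // allowed name as a suffix
  'https://example.com/github.io/', // allowed name only in the path
  'https://instructure.design/v6/' // the non-Pages site
]

// Returns one row per URL with the verdict of each check.
function compare(hrefs) {
  return hrefs.map((href) => ({
    href,
    substring: substringCheck(href),
    autofix: autofixCheck(href),
    exact: exactHostCheck(href)
  }))
}

console.table(compare(samples))
```

The substring check accepts the two look-alike hosts, the Autofix comparison rejects even the real deploy host, and only the exact-host check separates them correctly.
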

balzss self-requested a review September 27, 2024 16:07

balzss (Contributor) left a comment:

see #1702
