chore: add older versions to gh pages deploy #1697
base: master
1b0e204 to 545f29d
@@ -69,9 +69,12 @@ | |||
// If we select the latest version from the dropdown, | |||
// then navigate to the index (instructure.design/#currentHash). | |||
// In every other case eg.: v6,v7 navigate to --> instructure.design/v6/#currentHash | |||
const rootToAdd = window.location.origin.includes('github.io') |
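Review bot: `window.location.origin.includes('github.io')` on the `rootToAdd` line is a substring test over the whole origin (scheme, host and port), so it is true for any origin that merely contains that text, not only for a GitHub Pages host. Compare the host itself on a label boundary, for example `window.location.hostname.endsWith('.github.io')`, or use an exact match against the known Pages hostname.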
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
github.io
Copilot Autofix AI 10 days ago
To fix the problem, we need to replace the substring check with a more secure method of validating the host of the URL. We will use the URL constructor to parse the URL and then check the host directly. This ensures that the check is performed on the correct part of the URL and cannot be bypassed by embedding the allowed host in an unexpected location.
- Parse the URL using the URL constructor.
- Check the hostname property of the parsed URL to determine if it matches github.io.
@@ -71,3 +71,4 @@ | ||
// In every other case eg.: v6,v7 navigate to --> instructure.design/v6/#currentHash | ||
const rootToAdd = window.location.origin.includes('github.io') | ||
const url = new URL(window.location.href); | ||
const rootToAdd = url.hostname === 'github.io' | ||
? '/instructure-ui' |
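Review bot: the suggested `url.hostname === 'github.io'` is an exact match on the apex domain, but GitHub Pages project sites are served from `<owner>.github.io`, so on a deployed Pages site this condition would be false and the `'/instructure-ui'` branch would never be taken. Match the suffix on a label boundary (`hostname.endsWith('.github.io')`) or compare against the full Pages hostname. `window.location.hostname` is already parsed, so the extra `new URL(window.location.href)` is not needed.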
const versionsData = await result.json() | ||
|
||
return versionsData | ||
let input = window.location.hostname.includes('github.io') |
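Review bot: `window.location.hostname.includes('github.io')` on the `let input` line reads the right property but still matches the text anywhere in the hostname, which is what the CodeQL alert flags. Anchor it with `endsWith('.github.io')` or an exact comparison. The same host test also appears on the `rootToAdd` line earlier in this PR, so one shared helper would keep the two checks from drifting apart.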
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
github.io
see #1702
No description provided.
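Added example (not code from this PR or from the project): the parsed-hostname check that the CodeQL alerts above call for, run next to the flagged substring test over constructed URLs. The function names, the sample URLs and the `.github.io` suffix rule are assumptions made for the illustration.

```javascript
// Added example: all names and sample URLs are constructed for illustration.

// The pattern CodeQL flagged: true if 'github.io' appears anywhere in the string.
function substringCheck(urlString) {
  return urlString.includes('github.io')
}

// Assumption: GitHub Pages sites are served from <owner>.github.io.
const PAGES_SUFFIX = '.github.io'

// Hardened check: parse first, then compare the hostname on a label boundary.
function isGithubPagesUrl(urlString) {
  let url
  try {
    url = new URL(urlString)
  } catch (err) {
    return false // not an absolute URL, so there is no host to compare
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false
  // URL lower-cases the host; strip a trailing root dot ("example.github.io.").
  const host = url.hostname.replace(/\.$/, '')
  // The suffix must be preceded by at least one character of owner label.
  return host.endsWith(PAGES_SUFFIX) && host.length > PAGES_SUFFIX.length
}

// Constructed sample inputs.
const samples = [
  'https://example-org.github.io/instructure-ui/#Button', // Pages-style host
  'https://EXAMPLE-ORG.GitHub.IO./docs', // same host, different spelling
  'https://github.io.example.test/', // text used as a subdomain elsewhere
  'https://example.test/github.io/', // text in the path only
  'https://notgithub.io/', // text without a label boundary
  'https://github.io/' // apex domain, no owner label
]

// Returns one row per URL with the verdict of each check.
function compare(urls) {
  return urls.map((u) => ({
    url: u,
    substring: substringCheck(u),
    parsed: isGithubPagesUrl(u)
  }))
}

for (const row of compare(samples)) {
  console.log(`substring=${row.substring} parsed=${row.parsed} ${row.url}`)
}
```

Only the first two samples pass the parsed check, while the substring test accepts every sample except the mixed-case one.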