Posted to commits@myfaces.apache.org by lo...@apache.org on 2023/02/22 13:52:56 UTC
[myfaces-tobago] branch tobago-5.x updated: fix: avoid GitHubs code scanning alert (#3784)
This is an automated email from the ASF dual-hosted git repository.
lofwyr pushed a commit to branch tobago-5.x
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git
The following commit(s) were added to refs/heads/tobago-5.x by this push:
new da72790bed fix: avoid GitHubs code scanning alert (#3784)
da72790bed is described below
commit da72790bed3b19d2aa96efa84dcf06cad1d0fca9
Author: Udo Schnurpfeil <lo...@apache.org>
AuthorDate: Wed Feb 22 14:52:48 2023 +0100
fix: avoid GitHubs code scanning alert (#3784)
* DOM text reinterpreted as HTML
---
.../tobago-example-demo/src/main/webapp/script/tobago-testAll.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tobago-example/tobago-example-demo/src/main/webapp/script/tobago-testAll.js b/tobago-example/tobago-example-demo/src/main/webapp/script/tobago-testAll.js
index 9760b33b06..380feab19d 100644
--- a/tobago-example/tobago-example-demo/src/main/webapp/script/tobago-testAll.js
+++ b/tobago-example/tobago-example-demo/src/main/webapp/script/tobago-testAll.js
@@ -35,7 +35,9 @@ function testAll() {
function cycle() {
const iframe = document.getElementById("page:tp" + count);
- const url = iframe.getAttribute("name");
+ let url = iframe.getAttribute("name");
+ // to avoid GitHubs code scanning alert: DOM text reinterpreted as HTML
+ url = window.encodeURI(window.decodeURIComponent(url));
iframe.setAttribute("src", url);
const tpWindow = document.getElementById("page:tp" + count).contentWindow;
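Review bot: The added `window.encodeURI(window.decodeURIComponent(url))` round-trip in `cycle()` only changes the string's escaping; it does not constrain where the iframe navigates, because `encodeURI` leaves the scheme and `:` untouched, so a `javascript:` or cross-origin value in the `name` attribute would still reach `iframe.setAttribute("src", url)`. If that attribute can ever hold data that is not fully server-controlled, resolve it and check the origin before assigning, e.g. `const target = new URL(iframe.getAttribute("name"), window.location.href);` then `if (target.origin !== window.location.origin) { /* reject */ }`, and set `src` to `target.href`. The round-trip also has functional side effects: `decodeURIComponent` throws `URIError` on a malformed `%` sequence, and escaped reserved characters such as `%2F` or `%26` come back unescaped since `encodeURI` does not re-encode them. `cycle()` continues outside this hunk, so how a rejected URL should be reported is left to the rest of the function.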