From 701e18ebd89c85a69e9efba5c80187f167fbb0d7 Mon Sep 17 00:00:00 2001
From: Dan Shanahan
Date: Wed, 4 Dec 2024 14:47:42 -0800
Subject: [PATCH] Fix code scanning alert no. 35: Reflected cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 frontend/mock-backend/mock-api-middleware.ts | 5 +++--
 frontend/mock-backend/package.json | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/frontend/mock-backend/mock-api-middleware.ts b/frontend/mock-backend/mock-api-middleware.ts
index 2cbad278054..2da701227d6 100644
--- a/frontend/mock-backend/mock-api-middleware.ts
+++ b/frontend/mock-backend/mock-api-middleware.ts
@@ -14,6 +14,7 @@
 import * as express from 'express';
 import { Response } from 'express-serve-static-core';
+import escapeHtml from 'escape-html';
 import * as fs from 'fs';
 import * as _path from 'path';
 import { ApiExperiment, ApiListExperimentsResponse } from '../src/apis/experiment';
@@ -363,7 +364,7 @@ export default (app: express.Application) => {
       job.enabled = true;
       res.json({});
     } else {
-      res.status(500).send('Cannot find a job with id ' + req.params.jid);
+      res.status(500).send('Cannot find a job with id ' + escapeHtml(req.params.jid));
     }
   }, 1000);
 });
@@ -375,7 +376,7 @@ export default (app: express.Application) => {
       job.enabled = false;
       res.json({});
     } else {
-      res.status(500).send('Cannot find a job with id ' + req.params.jid);
+      res.status(500).send('Cannot find a job with id ' + escapeHtml(req.params.jid));
     }
   }, 1000);
 });
diff --git a/frontend/mock-backend/package.json b/frontend/mock-backend/package.json
index 41aa3ae5226..315cc2404c1 100644
--- a/frontend/mock-backend/package.json
+++ b/frontend/mock-backend/package.json
@@ -10,6 +10,7 @@
   "license": "ISC",
   "dependencies": {
     "@types/express": "^4.16.0",
-    "express": "^4.16.3"
+    "express": "^4.16.3",
+    "escape-html": "^1.0.3"
   }
 }
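Review bot: The default import `import escapeHtml from 'escape-html';` only compiles if the mock-backend tsconfig enables esModuleInterop (escape-html is a CommonJS module exporting a single function), whereas the neighbouring imports use the `import * as x` form; `import * as escapeHtml from 'escape-html';` is the consistent spelling if that flag is off. escape-html does not appear to ship its own type declarations, so under noImplicitAny the new import is an error unless `@types/escape-html` is added next to the runtime dependency in the package.json hunk further down. A quick build of the mock backend would confirm both points before merging.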
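Review bot: Escaping req.params.jid fixes the reflection, but the sink only exists because Express's send() of a string defaults the Content-Type to text/html; the success branch two lines above already answers with res.json({}), so answering the error the same way removes the HTML context entirely and the escape-html dependency with it, e.g. `res.status(500).json({ error: 'Cannot find a job with id ' + req.params.jid });`. The same pattern is repeated in the next hunk at +376 and the same change applies there. If the string body must stay, `res.status(500).type('text/plain').send('Cannot find a job with id ' + req.params.jid);` is the equivalent fix. A missing job is also arguably a 404 rather than a 500, though that is outside what this change addresses. The route handler enclosing this setTimeout callback begins before the hunk.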