Merge main into dev #128

Merged: 51 commits, May 21, 2024

Merge pull request #126 from mpast/dependabot/pip/requests-2.32.0

61b9641

GitHub Advanced Security / Semgrep PRO succeeded May 21, 2024 in 2s

31 new alerts

New alerts in code changed by this pull request

  • 31 warnings

See annotations below for details.

Annotations

Check warning on line 515 in app/templates/export.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 519 in app/templates/export.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 18 in app/templates/finding.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 22 in app/templates/finding.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 58 in app/templates/finding.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 67 in app/templates/findings.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 68 in app/templates/findings.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 72 in app/templates/findings.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 54 in app/templates/patterns.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 364 in app/templates/scan.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 623 in app/templates/scan.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 624 in app/templates/scan.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 628 in app/templates/scan.html

Code scanning / Semgrep PRO

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{link}'. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 519 in app/templates/export.html

Code scanning / Semgrep PRO

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 22 in app/templates/finding.html

Code scanning / Semgrep PRO

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 58 in app/templates/finding.html

Code scanning / Semgrep PRO

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 68 in app/templates/findings.html

Code scanning / Semgrep PRO

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 72 in app/templates/findings.html

Code scanning / Semgrep PRO

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 54 in app/templates/patterns.html

Code scanning / Semgrep PRO

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 364 in app/templates/scan.html

Code scanning / Semgrep PRO

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 624 in app/templates/scan.html

Code scanning / Semgrep PRO

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 628 in app/templates/scan.html

Code scanning / Semgrep PRO

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 519 in app/templates/export.html

Code scanning / Semgrep PRO

Semgrep Finding: python.flask.security.xss.audit.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use 'url_for()' to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 22 in app/templates/finding.html

Code scanning / Semgrep PRO

Semgrep Finding: python.flask.security.xss.audit.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use 'url_for()' to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.

Check warning on line 58 in app/templates/finding.html

Code scanning / Semgrep PRO

Semgrep Finding: python.flask.security.xss.audit.template-href-var.template-href-var Warning

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use 'url_for()' to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.