dm-4878 xss warning fix innovation show page (#1128)

* update confirmation link for comment report submission on practice show page to use route helper to ensure secure parameter handling * update practice comments show partial to explicitly use url helpers when generating the report link
department-of-veterans-affairs · Dec 6, 2024 · 0b9d84b · 0b9d84b
1 parent 4ab26b5
commit 0b9d84b
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/app/views/commontator/comments/_show.html.erb b/app/views/commontator/comments/_show.html.erb
@@ -114,7 +114,10 @@
                     </div>
                     <div class="text-right">
                       <button class="usa-button usa-button--outline margin-0 margin-top-5 margin-right-05 report-abuse-cancel">Cancel</button>
-                      <%= link_to 'Submit Report', "/innovations/#{practice.id}/comments/#{comment.id}/report", class: 'usa-button  report-abuse-submit', data: { confirm: 'Are you sure you want to report this comment?', turbolinks: 'false' } %>
+                      <%= link_to 'Submit Report',
+                          Rails.application.routes.url_helpers.report_practice_comment_path(practice_id: @practice.id, id: comment.id) ,
+                          class: 'usa-button report-abuse-submit',
+                          data: { confirm: 'Are you sure you want to report this comment?', turbolinks: 'false' } %>
                     </div>
                   </div>
                 </div>