
fix: Jinja auto-escape is set to false #28

Merged

Conversation

@coreydaley coreydaley commented Jun 21, 2024

jinja2.Template is called with no autoescape argument (autoescaping is disabled by default). This increases
the risk of Cross-Site Scripting (XSS) attacks.


Checklist

  • Chart version bumped in Chart.yaml according to semver.
  • Variables are documented in the values.yaml and added to the README.md. The pre-commit utility can be used to generate the necessary content. Use pre-commit run -a to apply changes.
  • JSON Schema template updated and re-generated the raw schema via pre-commit hook.
  • List tests pass for Chart using the Chart Testing tool and the ct lint command.
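As an added illustration of the issue the PR description raises (this is constructed example code, not code from the rhdh-chart repository or from `.pre-commit/jsonschema-dereference.py`), the following Python shows what `jinja2.Template` does with an untrusted value under its default `autoescape=False`, the same render with `autoescape=True`, the environment-level form using `select_autoescape`, and `Markup` for a fragment that is deliberately trusted. It assumes `jinja2` and `markupsafe` are installed; the template strings, sample values and the `autoescape_enabled` audit helper are all assumptions made for the example.

```python
# Added example (not from the rhdh-chart repo): Jinja2 autoescape off vs. on.
# Assumes jinja2 and markupsafe are installed; all template text and sample
# values below are constructed for illustration.
from jinja2 import Environment, Template, select_autoescape
from markupsafe import Markup

# Constructed untrusted input: the kind of value that must render as text.
UNTRUSTED_NAME = '<script>alert("x")</script>'
TEMPLATE_SRC = "<p>Hello {{ name }}</p>"


def render_default(name: str) -> str:
    """The pattern the PR fixes: Template() with no autoescape argument.

    Jinja2 defaults to autoescape=False, so any markup in `name` is copied
    into the output unchanged.
    """
    return Template(TEMPLATE_SRC).render(name=name)


def render_autoescaped(name: str) -> str:
    """The fixed pattern: autoescape=True escapes <, >, &, ' and " in values."""
    return Template(TEMPLATE_SRC, autoescape=True).render(name=name)


def render_with_environment(name: str, trusted_fragment: str) -> str:
    """Environment-level default, so every template built from it is escaped.

    select_autoescape() enables escaping for .html/.htm/.xml template files;
    default_for_string=True also covers from_string() templates, which have
    no filename. A fragment that is genuinely trusted is wrapped in Markup so
    it passes through deliberately rather than by accident.
    """
    env = Environment(autoescape=select_autoescape(default_for_string=True))
    tmpl = env.from_string("<p>{{ name }}</p><div>{{ fragment }}</div>")
    return tmpl.render(name=name, fragment=Markup(trusted_fragment))


def autoescape_enabled(tmpl: Template) -> bool:
    """Audit helper (assumed name): does this template's environment escape?

    Handy when reviewing code that constructs templates in several places.
    """
    return bool(tmpl.environment.autoescape)


if __name__ == "__main__":
    print("default   :", render_default(UNTRUSTED_NAME))
    print("autoescape:", render_autoescaped(UNTRUSTED_NAME))
    print("env       :", render_with_environment(UNTRUSTED_NAME, "<b>ok</b>"))
```

Running the block prints the untrusted value verbatim for the default case and as `&lt;script&gt;...` for the two escaped cases; `autoescape_enabled` returns `False` for a bare `Template(src)` and `True` once the argument is set, which is the check a reviewer can apply to each template construction site.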

@openshift-ci openshift-ci bot requested review from davidfestal and tumido June 21, 2024 15:55
@nickboldt nickboldt self-requested a review June 21, 2024 19:00
@coreydaley
Member Author

@rm3l @gazarenkov ptal

Member

@rm3l rm3l left a comment


LGTM, but I noticed that charts/backstage/README.md had changed after running all the pre-commit hooks. But I guess that's a separate issue.

/approve

@coreydaley
Member Author

I have updated the README via the pre-commit hook and pushed the changes.

@coreydaley coreydaley merged commit b547179 into redhat-developer:main Jun 24, 2024
3 checks passed
@coreydaley coreydaley deleted the 2024-06-21-set-autoescape-true branch June 24, 2024 16:05
coreydaley added a commit to coreydaley/redhat-developer-rhdh-chart that referenced this pull request Jun 25, 2024