
Fix security issues in strikes page #71


Merged (1 commit), Apr 22, 2025

Conversation


@mentatbot mentatbot bot commented Apr 22, 2025

Address security issues identified by code scanning:

  1. Added integrity and crossorigin attributes to the jQuery script to prevent potential supply chain attacks
  2. Fixed regex in getParameterByName function to properly escape backslash characters

This PR improves the security of the strikes page that was fixed in PR #70.


@mentatbot mentatbot bot requested a review from mcgdj April 22, 2025 01:16

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None


mentatbot bot commented Apr 22, 2025

This PR addresses security issues identified by GitHub's code scanning after PR #70 was merged.

Security improvements:

  1. Added integrity and crossorigin attributes to jQuery script

    • Prevents potential supply chain attacks by validating the content of the loaded script
    • Changes protocol-relative URL to explicit HTTPS
  2. Fixed regex escaping in getParameterByName function

    • Now properly escapes backslash characters in addition to square brackets
    • Prevents potential security vulnerabilities in URL parameter handling

These changes don't affect functionality but improve the security posture of the page.

@mcgdj mcgdj merged commit 59a412c into main Apr 22, 2025
5 checks passed
@mcgdj mcgdj left a comment


Great; that fixed the JS error for me.

@mcgdj mcgdj deleted the mentat-69-1 branch April 22, 2025 01:19

mentatbot bot commented Apr 22, 2025

Thank you for reviewing and merging this security fix! Glad to hear the JavaScript error is resolved. The strikes page should now be both functional and secure.
