This repository has been archived by the owner on Sep 3, 2022. It is now read-only.

Fix Potential DOM-based XSS via prototype pollution #232

Merged

juliofarah merged 4 commits into master from url

Mar 17, 2021

Contributor

juliofarah commented Mar 17, 2021

Description

This PR fixes a potential DOM-based XSS via prototype pollution reported by one of our customers by replacing component-querystring by component-url.

Test plan

No regression added to query string functionality:

Prototype can't be polluted via query string anymore:

Testing completed successfully using local unit tests;
Testing completed successfully using ajs-core as an npm module;

juliofarah added 2 commits

March 17, 2021 13:38


          Fix Potential DOM-based XSS via prototype pollution

2bfd320


          update history

f9c3416

juliofarah requested review from pooyaj, danieljackins, dk1027 and nettofarah

March 17, 2021 20:47

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

juliofarah commented

View reviewed changes

lib/analytics.ts Outdated Show resolved Hide resolved

Julio Farah added 2 commits

March 17, 2021 13:54


          undo linting changes

6bf1756


          Delete yarn-error.log

a206ac2

nettofarah approved these changes

View reviewed changes

juliofarah merged commit 274ef70 into master

juliofarah deleted the url branch

March 17, 2021 21:21

hbrls pushed a commit to nice-fungal/analytics.js-core that referenced this pull request


          Fix Potential DOM-based XSS via prototype pollution (segmentio#232)

f9ad722

* Fix Potential DOM-based XSS via prototype pollution

* update history

* undo linting changes

* Delete yarn-error.log

hbrls pushed a commit to nice-fungal/analytics.js-core that referenced this pull request


          Fix Potential DOM-based XSS via prototype pollution (segmentio#232)

753a91c

* Fix Potential DOM-based XSS via prototype pollution

* update history

* undo linting changes

* Delete yarn-error.log

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet