bjugl edited a comment on pull request #425:
URL: https://github.com/apache/ofbiz-framework/pull/425#issuecomment-999354788


   > I'm no longer able to review the js CodeQL analysis (because of npm use).
   > There were no real issues. I saw for instance that they used things like `\.`
   > in regexp that are of no use in js since you actually need `\\.` for escaping a
   > dot in js. But anyway it was not a security issue, just that it's the same to
   > do .min as .min. We could have reported the other issues (like 4 or 5) but
   > it's no longer available. So +1 to push.
   
   All the warnings were in the plugins, of which we - as of now - only use
one. There was one possible code injection in the CleanPastbin plugin, because
script tags were not filtered within the logic. This we can ignore, because I
set trumbowyg up to not accept script tags anyhow (we do also sanitize
server-side again, right?).
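
The two points raised in this comment and the quoted reply, shown as an added, runnable illustration (this is not code from the ofbiz-framework PR, from trumbowyg, or from the CleanPastbin plugin; the pasted HTML sample and the tag allowlist below are constructed for the demo). First, the `\.` versus `\\.` distinction from the quote only bites when the pattern is built from a JavaScript string and handed to `new RegExp`; in a regex literal `\.` already means a literal dot. Second, stripping `<script>` tags is not on its own a sufficient filter for pasted HTML, which is why the question about sanitising again on the server side matters; an allowlist pass is shown beside the naive one.

```javascript
// Added illustration, not code from the PR or from trumbowyg.
// 1. Regex escaping: string source vs regex literal.
// 2. Pasted-HTML cleaning: <script> stripping alone vs an allowlist pass.

// --- 1. regex escaping --------------------------------------------------------

// Regex literal: \. is an escaped (literal) dot.
const dotLiteral = /\.min$/;

// String source: the string parser drops the lone backslash, so "\.min$"
// reaches the regex engine as ".min$", where "." matches any character.
const dotFromBrokenString = new RegExp("\.min$");

// Doubling the backslash in the string yields \.min$ in the regex engine.
const dotFromString = new RegExp("\\.min$");

// Constructed inputs: the first should match, the second should not.
const samples = ["app.min", "appXmin"];

function regexReport() {
  return {
    literal: samples.map(s => dotLiteral.test(s)),                 // [true, false]
    brokenString: samples.map(s => dotFromBrokenString.test(s)),   // [true, true]
    fixedString: samples.map(s => dotFromString.test(s)),          // [true, false]
    brokenSource: dotFromBrokenString.source,                      // ".min$"
  };
}

// --- 2. pasted-HTML cleaning ------------------------------------------------

// Naive approach: remove <script>...</script> blocks and nothing else.
function stripScriptTags(html) {
  return html.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "");
}

// Allowlist approach: strip script blocks, then keep only a fixed set of
// formatting tags and drop every attribute (so no on* handlers survive).
// The allowlist is an assumption for this demo. It is regex based to stay
// dependency free; a real server-side pass should use an HTML parser.
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "p", "br", "ul", "ol", "li"]);

function sanitizeAllowlist(html) {
  const noScripts = stripScriptTags(html);
  return noScripts.replace(/<\/?([a-z][a-z0-9]*)\b[^>]*>/gi, (tag, name) => {
    const lower = name.toLowerCase();
    if (!ALLOWED_TAGS.has(lower)) return "";
    return tag.startsWith("</") ? `</${lower}>` : `<${lower}>`;
  });
}

// Detects inline event-handler attributes left behind by a cleaner.
function hasEventHandler(html) {
  return /\son[a-z]+\s*=/i.test(html);
}

// Constructed pasted content: an inline handler, a script block, and an
// <img> with an onerror handler that a script-only filter does not touch.
const pasted =
  '<p onclick="alert(1)">Hi <b>there</b></p>' +
  '<script>alert(2)</script>' +
  '<img src=x onerror="alert(3)">';

function naiveResult() { return stripScriptTags(pasted); }
function strictResult() { return sanitizeAllowlist(pasted); }
```

Running `naiveResult()` keeps both `onclick` and `onerror`, so `hasEventHandler` still reports true; `strictResult()` reduces the sample to `<p>Hi <b>there</b></p>`. Whatever the editor does on the client, the server-side pass is the one that can be trusted, since the client-side configuration is under the user's control.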


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
