rusackas opened a new pull request, #33213: URL: https://github.com/apache/superset/pull/33213
Potential fix for [https://github.com/apache/superset/security/code-scanning/2001](https://github.com/apache/superset/security/code-scanning/2001)

To fix the issue, we need to ensure that the URL passed to the `href` attribute is sanitized and validated to prevent XSS attacks. This can be achieved by:

1. Validating the `item.url` to ensure it is a safe and expected URL format (e.g., starts with `/` or a specific domain).
2. Escaping the concatenated URL to prevent any malicious characters from being interpreted as HTML or JavaScript.
3. Using a utility function to sanitize and validate URLs before passing them to `ensureAppRoot`.

The changes will be made in `RightMenu.tsx` to validate and sanitize `item.url` before using it in the `href` attribute.

---

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
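An added TypeScript example of the validation step the description calls for; it is not the PR's own change. `ensureAppRoot` below is a stand-in for Superset's helper, and the allowed-host list, `isSafeMenuUrl` and `menuHref` are assumed names for this illustration.

```typescript
// Validate a menu item's URL before it reaches an href (added example).
// Relative paths must start with a single "/" (so "//evil" and "/\evil"
// protocol-relative forms are refused); absolute URLs must be http(s) on an
// allow-listed host. Anything else, including "javascript:" and "data:"
// schemes, is replaced by a harmless fallback.

// Hosts that external menu links may point at (assumed for this example).
const ALLOWED_HOSTS = new Set(['superset.apache.org']);

// Stand-in for Superset's ensureAppRoot: prefix the configured application
// root to an in-app path (assumed behaviour, not the project's code).
const APP_ROOT = '/app';
function ensureAppRoot(path: string): string {
  return `${APP_ROOT}${path}`;
}

function isSafeMenuUrl(url: unknown): url is string {
  if (typeof url !== 'string' || url.length === 0) return false;
  // Browsers strip control characters and surrounding whitespace before
  // scheme detection ("java\tscript:"), so refuse such input outright.
  if (/[\u0000-\u001f\u007f]/.test(url) || url.trim() !== url) return false;
  // In-app path: exactly one leading slash, not "//" or "/\".
  if (url.startsWith('/')) return /^\/(?![/\\])/.test(url);
  // Otherwise it must parse as an absolute http(s) URL on an allowed host.
  try {
    const parsed = new URL(url);
    return (
      (parsed.protocol === 'http:' || parsed.protocol === 'https:') &&
      ALLOWED_HOSTS.has(parsed.hostname)
    );
  } catch {
    return false; // bare relative paths like "foo/bar" are not accepted
  }
}

// Compute the href for a menu item; unsafe or missing URLs fall back to "#".
function menuHref(item: { url?: unknown }): string {
  const url = item.url;
  if (!isSafeMenuUrl(url)) return '#';
  return url.startsWith('/') ? ensureAppRoot(url) : url;
}
```

React escapes attribute values when rendering JSX, which covers the description's step 2; the scheme and host checks above are what that escaping does not cover.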
