[GitHub] [trafficcontrol] github-code-scanning[bot] commented on a diff in pull request #7766: Update TP to use API v5

Thu, 31 Aug 2023 09:24:35 -0700 


github-code-scanning[bot] commented on code in PR #7766:
URL: https://github.com/apache/trafficcontrol/pull/7766#discussion_r1311892556


##########
traffic_portal/app/src/common/modules/form/server/form.server.tpl.html:
##########
@@ -120,25 +119,25 @@
                     For example, P1 and P2 are two profiles associated with a 
server, S1. Parameters of P1 will have a <u>higher</u> priority over that of P2.
                     And if there exists parameters with same name but 
different values, then P1's parameters will <b>not</b> be overwritten.
                 </p>
-                <fieldset ng-repeat="profile in server.profileNames track by 
$index"> {{$index + 1}}
+                <fieldset ng-repeat="profile in server.profiles track by 
$index"> {{$index + 1}}
                     <select ng-class="{'has-error': 
hasPropertyError(serverForm['activeProfile-'+$index], 'required'), 
'has-feedback': hasPropertyError(serverForm['activeProfile-'+$index], 
'required')}"
-                            id="activeProfile-{{$index}}" 
name="activeProfile-{{$index}}" class="form-control" 
ng-model="server.profileNames[$index]"
-                            ng-options="profile.name as profile.name for 
profile in profiles|excludeFilter:profile:server.profileNames" required>
+                            id="activeProfile-{{$index}}" 
name="activeProfile-{{$index}}" class="form-control" 
ng-model="server.profiles[$index]"
+                            ng-options="profile.name as profile.name for 
profile in profiles|excludeFilter:profile:server.profiles" required>
                         <option hidden selected disabled 
value="">Select...</option>
                     </select>
                     <small class="input-error" 
ng-show="hasPropertyError(serverForm['activeProfile-'+$index], 
'required')">Required</small>
-                    <a ng-href="{{getProfileID(server.profileNames[$index])}}" 
target="_blank">View Details&nbsp;&nbsp;<i class="fa fs-xs 
fa-external-link"></i></a>
-                    <button class="btn btn-danger right-button btn-xs" 
type="button" title="remove this profile from the server" 
ng-if="server.profileNames.length>1" ng-click="deleteProfile($index)"><i 
class="fa fa-minus"></i></button>
+                    <a ng-href="{{getProfileID(server.profiles[$index])}}" 
target="_blank">View Details&nbsp;&nbsp;<i class="fa fs-xs 
fa-external-link"></i></a>

Review Comment:
   ## Potentially unsafe external link
   
   External links without noopener/noreferrer are a potential security risk.
   
   [Show more 
details](https://github.com/apache/trafficcontrol/security/code-scanning/306)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@trafficcontrol.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to