Audit code for improper uses of d3-selection.html() #1274

Open
bhousel opened this issue Dec 29, 2023 · 0 comments

bhousel commented Dec 29, 2023

Just creating an issue to refer back to as I'm cleaning up the string sanitization issue.
It's everywhere.. 😅

Some context on this is that we (Rapid) pulled in a bad regression from the iD project a while ago before the code diverged, and now there are places all around the Rapid code where the string sanitization has been removed. Every usage of `.html` really needs to be checked carefully because there is a lot of code that is expecting to pass `span` or other HTML tags through it.

Some related issues:
openstreetmap/iD#8813
openstreetmap/iD#7998
openstreetmap/iD#8817

Originally posted by @bhousel in #1158 (comment)

bhousel added the chore label (Improvements to the code or development stack, cleanups) Dec 29, 2023
bhousel added a commit that referenced this issue Jan 2, 2024
bhousel added a commit that referenced this issue Jan 3, 2024
bhousel mentioned this issue May 3, 2024
5 tasks
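
One way to start the audit described in this issue, as an added example that is not code from the Rapid or iD projects: a heuristic Node.js scan that lists `.html(` call sites and separates getters and constant string arguments from arguments built at runtime, which are the ones to check by hand. The function names and the sample source lines are constructed for illustration, and a template literal that nests backticks inside `${}` is beyond what this text scan handles.

```javascript
// Added example, not project code: heuristic text scan (not a JS parser).
// Text between the '(' at openIdx and its matching ')'. Quoted strings are
// skipped so parentheses inside them are not counted.
function callArgument(src, openIdx) {
  let depth = 0, quote = null;
  for (let i = openIdx; i < src.length; i++) {
    const ch = src[i];
    if (quote) {
      if (ch === '\\') i++;                 // skip the escaped character
      else if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'" || ch === '`') quote = ch;
    else if (ch === '(') depth++;
    else if (ch === ')' && --depth === 0) return src.slice(openIdx + 1, i).trim();
  }
  return null;                              // unbalanced: treat as needs review
}

// 'getter' = .html() read, 'static' = one constant string literal,
// 'review' = anything built at runtime (variables, concatenation, callbacks).
function classify(arg) {
  if (arg === null) return 'review';
  if (arg === '') return 'getter';
  const literal = /^(?:'(?:[^'\\\n]|\\.)*'|"(?:[^"\\\n]|\\.)*"|`(?:[^`\\$]|\\.|\$(?!\{))*`)$/;
  return literal.test(arg) ? 'static' : 'review';
}

function auditHtmlCalls(src) {
  const findings = [], re = /\.html\s*\(/g;
  let m;
  while ((m = re.exec(src)) !== null) {
    const arg = callArgument(src, m.index + m[0].length - 1);
    const line = src.slice(0, m.index).split('\n').length;
    findings.push({ line, arg, kind: classify(arg) });
  }
  return findings;
}

// Constructed sample input, not taken from the Rapid code base.
const SAMPLE = [
  "selection.append('div').html('<span class=\"label\">Name</span>');",
  "row.select('.value').html(d => d.tags.name);",
  "const markup = note.html();",
  "tip.html('<b>' + user.displayName + '</b>');",
  "item.text(d.description);",
].join('\n');

for (const f of auditHtmlCalls(SAMPLE)) {
  if (f.kind === 'review') console.log(`line ${f.line}: .html(${f.arg})`);
}
```

A `static` result only means the markup is a constant; a `review` result means the argument's origin has to be traced to see whether it can carry untrusted text.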