fix: Osm username, add escaping where necessary #1158
Hi @RitaDee! This is excellent, thank you for your work on this. If possible, can you do some testing of these changes and show some screenshots of that testing, highlighting the areas where the username is displayed? This is good practice to show any GitHub repo maintainer that your code works and hasn't broken anything.
One of the issues with our current codebase is that any string lifted from our core.yaml file (i.e. anything with a If the code modifications ONLY cover osm username rendering, then this should be good.
Also, I approved this PR to have our automated test workflow run some unit tests (results above). It appears that the node 16.14 build failed - but this is not due to any changes made in this PR, and is likely due to a flaky test. I do not consider that test failure a blocker by any means. :)
Thank you, @Bonkles, for the review. I will write the test and attach the screenshots.
Noted.
I ran a very quick test of your branch and saw one issue: the
Yeah sorry - some context on this is that we (Rapid) pulled in a bad regression from the iD project a while ago before the code diverged, and now there are places all around the Rapid code where the string sanitization has been removed. Every usage of some related issues:
I am not so clear on this. Do I revert the changes made on the file?
I have made an adjustment to this. This is what it looks like now:
I will check this out. Thank you
Here is the screenshot of the test:
@Bonkles, this is ready for review.
Tested these changes, looks good!
Description
This PR focuses on improving the codebase in terms of security and consistency by making changes to how text content is inserted into various elements within the application. Specifically, I have replaced the use of .html() with .text() for setting text content, ensuring safer content insertion and aligning with best practices.
Fixes #1124
Screenshot:
Test Screenshot:
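A regression check for the `.html()` to `.text()` change described above, as an added example that is not code from this PR or from the Rapid project: it flags `.html(arg)` calls whose argument is not a static string literal, which are the places where a value such as an OSM username would be parsed as markup. The function names, the `user.display_name` identifier and the sample source are assumptions made for illustration.

```javascript
// Added example (not Rapid code): flag `.html(arg)` calls whose argument is
// not a static string literal. Line-based heuristic; hits are review leads.

// Return the argument text starting just after "(", or null if unbalanced.
function readArgument(line, start) {
  let depth = 1;
  let quote = null;
  for (let i = start; i < line.length; i++) {
    const ch = line[i];
    if (quote) {
      if (ch === '\\') i++;            // skip the escaped character
      else if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'" || ch === '`') quote = ch;
    else if (ch === '(') depth++;
    else if (ch === ')' && --depth === 0) return line.slice(start, i).trim();
  }
  return null;
}

// One quoted literal with no concatenation or `${}` carries no runtime data.
function isStaticLiteral(arg) {
  return /^'(?:[^'\\]|\\.)*'$/.test(arg) ||
    /^"(?:[^"\\]|\\.)*"$/.test(arg) ||
    /^`(?:[^`\\$]|\\.)*`$/.test(arg);
}

function findDynamicHtmlCalls(source) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    const call = /\.html\(/g;
    while (call.exec(line) !== null) {
      const arg = readArgument(line, call.lastIndex);
      // '' is the getter form `.html()`; null (unbalanced) is still reported.
      if (arg === '' || (arg !== null && isStaticLiteral(arg))) continue;
      findings.push({ line: idx + 1, argument: arg });
    }
  });
  return findings;
}

// Constructed sample source, not taken from the Rapid repository.
const SAMPLE = [
  "selection.append('span').html(user.display_name);",
  "selection.append('span').text(user.display_name);",
  "selection.append('div').html('<hr/>');",
  "link.html('<b>' + name + '</b>');",
  "const prev = node.html();",
  "label.html(`by ${name}`);",
].join('\n');
console.log(findDynamicHtmlCalls(SAMPLE));
```

The scan is conservative: a concatenation of literals or a template string containing `$` is reported even when it happens to be safe, so each hit needs a human look.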