Skip to content

Fixed XSS security bug #1929

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 14, 2022
Merged

Fixed XSS security bug #1929

merged 2 commits into from
Mar 14, 2022
+4 −1

Conversation

r0hanSH
Copy link
Contributor

@r0hanSH r0hanSH commented Feb 16, 2022

Fix: set Content-Type response header as text/plain rather than default text/html

The actual vulnerability was reported by me on huntr.dev platform.
People having write permissions on this repo can see the actual vulnerability report at:
https://huntr.dev/bounties/986fb54a-9353-43c1-9433-9a54b3d31e6e/

JamieSlome asked you to create SECURITY.md, a month ago. (#1891) for this vulnerability.

@r0hanSH
Fixed XSS bug
82744a4 
set Content-Type response header as text/plain rather than default text/html
@codesandbox-ci
Copy link

codesandbox-ci bot commented Feb 16, 2022
edited
Loading

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 8ba7076:

Sandbox Source
plouc/nivo Configuration

@r0hanSH
Copy link
Contributor Author

r0hanSH commented Feb 26, 2022

@plouc
can we you please check this security bug?

@Izurii
Copy link

Izurii commented Mar 9, 2022

@plouc Could take a look at this? I think this PR should be fairly easy to review and an important issue to be looking at, having a security flaw isn't good for anyone

@plouc
Copy link
Owner

plouc commented Mar 9, 2022

@Izurii, yes it was easy to review, I had a look at it, but the CI is failing, which is also not good for anyone ;).

@plouc
Copy link
Owner

plouc commented Mar 9, 2022

@r0hanSH, thank you for this fix, could you please also fix the failing tests? (it's a formatting issue).

@Izurii
Copy link

Izurii commented Mar 9, 2022

@Izurii, yes it was easy to review, I had a look at it, but the CI is failing, which is also not good for anyone ;).

Ohh I didn't see that before. I agree with you, CI failing is not good too. Thanks for the reply

I really liked using this library and I want to see it growing. I used before recharts, react-chartjs-2 and highcharts (too costly), between all that, I'm starting to use in most of my projects this library here.

@r0hanSH
Copy link
Contributor Author

r0hanSH commented Mar 14, 2022

@plouc I pushed the required changes

@plouc plouc merged commit f83ad7b into plouc:master Mar 14, 2022
@plouc
Copy link
Owner

plouc commented Mar 14, 2022

Thank you @r0hanSH!

@r0hanSH
Copy link
Contributor Author

r0hanSH commented Mar 14, 2022

@plouc can you please validate and close this report? https://huntr.dev/bounties/986fb54a-9353-43c1-9433-9a54b3d31e6e/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@r0hanSH @Izurii @plouc