Skip to content
This repository was archived by the owner on Sep 3, 2022. It is now read-only.

Fix Potential DOM-based XSS via prototype pollution #232

Merged
merged 4 commits into from
Mar 17, 2021
Merged

Fix Potential DOM-based XSS via prototype pollution #232

merged 4 commits into from
Mar 17, 2021

Conversation

juliofarah
Copy link
Contributor

Description

This PR fixes a potential DOM-based XSS via prototype pollution reported by one of our customers by replacing component-querystring by component-url.

Test plan

  • No regression added to query string functionality:

Screen Shot 2021-03-17 at 12 30 28 PM

Screen Shot 2021-03-17 at 12 29 54 PM

Screen Shot 2021-03-17 at 12 29 43 PM

  • Prototype can't be polluted via query string anymore:

Screen Shot 2021-03-17 at 12 37 06 PM

Testing completed successfully using local unit tests;
Testing completed successfully using ajs-core as an npm module;

juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
juliofarah
juliofarah commented Mar 17, 2021
View reviewed changes
@juliofarah juliofarah merged commit 274ef70 into master Mar 17, 2021
@juliofarah juliofarah deleted the url branch March 17, 2021 21:21
hbrls pushed a commit to nice-fungal/analytics.js-core that referenced this pull request Apr 16, 2021
@hbrls
Fix Potential DOM-based XSS via prototype pollution (segmentio#232)
f9ad722 
* Fix Potential DOM-based XSS via prototype pollution

* update history

* undo linting changes

* Delete yarn-error.log
hbrls pushed a commit to nice-fungal/analytics.js-core that referenced this pull request May 31, 2021
@hbrls
Fix Potential DOM-based XSS via prototype pollution (segmentio#232)
753a91c 
* Fix Potential DOM-based XSS via prototype pollution

* update history

* undo linting changes

* Delete yarn-error.log
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nettofarah nettofarah nettofarah approved these changes

@pooyaj pooyaj Awaiting requested review from pooyaj

@danieljackins danieljackins Awaiting requested review from danieljackins

@dk1027 dk1027 Awaiting requested review from dk1027

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@juliofarah @nettofarah