Prevent javascript injection. #5885 (Merged; 1 commit, Apr 5, 2018)

Conversation

@user135711 (Contributor) commented Apr 5, 2018

Great tutorial! The sample embeds user content directly into the page, which allows for clicked javascript to take over the browser (send message `<a href="javascript:document.write("rooted");">here</a>`). I propose a quick fix by using `textContent` or `innerText` instead of `innerHTML` to set the message. Also, following the tutorial the app runs great, but the example download has a namespace error and dependency errors. (It wouldn't run without the update.)

Also, just out of curiosity, why are folders like the lib folder excluded? Are you trying to save space on GitHub?
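The injection described in the comment above, as an added example that is not part of the tutorial's sample or of this PR (the names `renderUnsafeHtml`, `renderEscapedHtml`, `appendMessage`, `hasJavascriptLink`, the `messagesList` element id and the payload string are assumptions for illustration): a chat message is rendered three ways. Concatenating it into markup that is then assigned with `innerHTML` turns the attacker's `<a href="javascript:...">` into a live link; assigning it with `textContent` (the fix proposed above) stores it as a text node that is never parsed; and HTML-escaping gives the same guarantee when a string of markup has to be built, for example on the server. A `javascript:` link needs a click, but payloads such as `<img src=x onerror=...>` run without one, so the fix is to stop treating the message as markup at all rather than to filter the `javascript:` scheme.

```javascript
// Added example (not the tutorial's code): innerHTML vs textContent vs escaping.
// renderUnsafeHtml, renderEscapedHtml, appendMessage, hasJavascriptLink and the
// 'messagesList' id are assumptions made for this illustration.

// Constructed attacker input, modelled on the payload reported in the PR.
const PAYLOAD = 'send message <a href="javascript:alert(document.domain)">here</a>';

// Escape the characters that change meaning in HTML text and attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Sink: the untrusted message is concatenated into markup. Once this string is
// assigned to element.innerHTML, the <a href="javascript:..."> is a real link.
function renderUnsafeHtml(user, message) {
  return `<li><strong>${user}</strong>: ${message}</li>`;
}

// Safe string variant: every untrusted field is escaped before it touches markup.
function renderEscapedHtml(user, message) {
  return `<li><strong>${escapeHtml(user)}</strong>: ${escapeHtml(message)}</li>`;
}

// DOM variant (the fix proposed in the PR): textContent and createTextNode store
// the message as text, so the browser displays it literally and never parses it.
function appendMessage(listEl, user, message) {
  const li = document.createElement('li');
  const name = document.createElement('strong');
  name.textContent = user;
  li.appendChild(name);
  li.appendChild(document.createTextNode(`: ${message}`));
  listEl.appendChild(li);
  return li;
}

// Check used to show the difference: does the markup still contain an <a>
// element whose href is a javascript: URL?
function hasJavascriptLink(html) {
  return /<a\b[^>]*\bhref\s*=\s*["']?\s*javascript:/i.test(html);
}

// In a browser, append the payload with the safe DOM variant; under Node this
// branch is skipped because there is no document.
if (typeof document !== 'undefined') {
  const list = document.getElementById('messagesList') || document.createElement('ul');
  appendMessage(list, 'attacker', PAYLOAD); // rendered as plain text, no link
}
```

`textContent` is preferable to `innerText` for this purpose: both avoid parsing, but `innerText` is CSS-aware and forces layout on read, while `textContent` is a plain string set on the node.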

@rachelappel rachelappel merged commit 6a99fc3 into dotnet:master Apr 5, 2018
@user135711 user135711 deleted the fix-js-injection branch April 5, 2018 17:43
scottaddie added a commit that referenced this pull request Apr 6, 2018
* Update azure-apps-preview-notice.md (#5857)

* Link to .NET Core CLI publish command doc (#5864)

* Link to .NET Core CLI publish command doc

* Verbiage tweak

* fix typo (#5866)

* Update intro.md (#5869)

`classnameID` (where `classname` is the name of the class, such as `Student`) as the primary key. In `classnameID`, `classname` is the name of the class, such as `Student` in

* Update view-components.md (#5872)

altering range of code displayed to remove hanging closing } and closing table tag

* C13511:  Spaces should be replaced to avoid localization problems (#5871)

Hello, @Rick-Anderson, 

Localization team has reported source content issue that causes localized version to have broken format compared to en-us version.  

Please, help to check my proposed file change into the article and help to merge if you agree with fix. If not, please, let me know either if you would like me to fix it in another way within this PR, if you prefer to fix it in another PR or if I should close this PR as by-design. In case of using another PR, please, let me know of your PR number, so we can confirm and close this PR. 

Many thanks in advance.

* CI Update (#5878)

* Recommended language change (#5883)

* Updated with NET Core SDK 2.0  commands (#5886)

* Updated with NET Core SDK 2.0  commands

* Quick UE pass

* Prevent javascript injection. (#5885)

* Troubleshoot SDK warnings (#5880)

* WIP Troubleshoot SDK warnings

* Work

* work

* Address Gauntlet warning in ms.date value

* Adjust H2 title casing and spacing

* Quick UE pass

* Update Configuration doc to use double underscores instead of colons for hierarchical config keys (4968) (#5876)

* changes to configuration doc

* fixes for scott

* change for Dan

* Update index.md

* Code fence double underscore and add missing period

* Eliminate unnecessary sentence

* Missing npm task runner extension (#5893)

* Revert "Missing npm task runner extension (#5893)" (#5894)

This reverts commit a90faeb.

* Note about task runner explorer option (#5895)

* Note about task runner explorer option

The gulp file has to be in the root directory or in the directory with package.json, not in any subdirectory.

* verbiage tweaks

* added anchored link (#5896)