fix: code scanning alert no. 12: Reflected cross-site scripting (#5078)
Signed-off-by: Simon Heather <32168619+X-Guardian@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent 280fff5 commit aedc1b0
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion server/controllers/events/events_controller.go
@@ -16,6 +16,7 @@ package events
import (
"encoding/json"
"fmt"
"html"
"io"
"net/http"
"strings"
@@ -178,7 +179,7 @@ func (e *VCSEventsController) handleGithubPost(w http.ResponseWriter, r *http.Re
return
}

githubReqID := "X-Github-Delivery=" + r.Header.Get("X-Github-Delivery")
githubReqID := "X-Github-Delivery=" + html.EscapeString(r.Header.Get("X-Github-Delivery"))
logger := e.Logger.With("gh-request-id", githubReqID)
scope := e.Scope.SubScope("github_event")

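Review bot: Escaping the `X-Github-Delivery` value where `githubReqID` is built, rather than where it is written to the response, means the HTML-encoded string is also what `e.Logger.With("gh-request-id", githubReqID)` records, so a delivery ID containing `&`, `<` or quotes is logged as entities and no longer matches the raw header in log searches. The response write that the scanning alert concerns is outside this hunk; the more robust place for the mitigation is there, either by escaping at that call or by sending the body as `text/plain` with `X-Content-Type-Options: nosniff`. Since GitHub delivery IDs are GUIDs, consider validating the header's shape before use and keeping the logger on the raw value, e.g. `deliveryID := r.Header.Get("X-Github-Delivery")` then `githubReqID := "X-Github-Delivery=" + deliveryID` for logging, with `html.EscapeString(githubReqID)` applied only at the response. The body of handleGithubPost starts and ends outside the hunk.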
