Skip to content

Potential fix for code scanning alert no. 84: DOM text reinterpreted as HTML#315

Merged
vedharish merged 1 commit into
mainfrom
alert-autofix-84
Jul 14, 2026
Merged

Potential fix for code scanning alert no. 84: DOM text reinterpreted as HTML#315
vedharish merged 1 commit into
mainfrom
alert-autofix-84

Conversation

@KrishnaSuravarapu

Copy link
Copy Markdown
Contributor

Potential fix for https://github.com/browserstack/enigma/security/code-scanning/84

General fix: stop building HTML strings from untrusted values and stop using .html() for those strings. Instead, create DOM nodes and set text via .text() (or textContent), which safely escapes meta-characters.

Best targeted fix here (same functionality): in templates/EnigmaOps/allUserAccessList.html, update revokeConfirm so it:

  • Computes the message string only.
  • Clears #revoke-details.
  • Appends an <h4> element with .text(message).

This preserves the same displayed text and modal behavior while removing the unsafe HTML sink usage for tainted data. No new imports/dependencies are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@KrishnaSuravarapu KrishnaSuravarapu marked this pull request as ready for review July 14, 2026 13:12
@vedharish vedharish merged commit 0ae4f0b into main Jul 14, 2026
7 of 8 checks passed
@vedharish vedharish deleted the alert-autofix-84 branch July 14, 2026 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants