Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

minor changes and feat: create Post #15

Merged
merged 2 commits into from
Jan 14, 2025
Merged

minor changes and feat: create Post #15

merged 2 commits into from
Jan 14, 2025

Conversation

AmishB7
Copy link
Collaborator

@AmishB7 AmishB7 commented Jan 14, 2025

No description provided.

@AmishB7 AmishB7 requested a review from sthsuyash January 14, 2025 08:39
@AmishB7 AmishB7 self-assigned this Jan 14, 2025
@vercel Vercel
Copy link

vercel bot commented Jan 14, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
nepali-news-portal ❌ Failed (Inspect) Jan 14, 2025 11:45am

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 14, 2025
View reviewed changes
admin-panel/src/pages/CreatePostPage.tsx
>
{imgPreview ? (
<img
src={imgPreview}

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to ensure that the imgPreview value is safe before using it as the src attribute of an img element. One way to do this is to validate the file type and ensure it is an image before creating the object URL. Additionally, we can use a library like DOMPurify to sanitize the URL if necessary.

  • Validate the file type to ensure it is an image.
  • Create the object URL only if the file is a valid image.
  • Use the validated and sanitized URL as the src attribute of the img element.
Suggested changeset 1
admin-panel/src/pages/CreatePostPage.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/admin-panel/src/pages/CreatePostPage.tsx b/admin-panel/src/pages/CreatePostPage.tsx
--- a/admin-panel/src/pages/CreatePostPage.tsx
+++ b/admin-panel/src/pages/CreatePostPage.tsx
@@ -24,4 +24,9 @@
     if (files && files.length > 0) {
-      setImage(files[0]);
-      setImgPreview(URL.createObjectURL(files[0]));
+      const file = files[0];
+      if (file.type.startsWith("image/")) {
+        setImage(file);
+        setImgPreview(URL.createObjectURL(file));
+      } else {
+        toast.error("Please select a valid image file.");
+      }
     }
EOF
@@ -24,4 +24,9 @@
if (files && files.length > 0) {
setImage(files[0]);
setImgPreview(URL.createObjectURL(files[0]));
const file = files[0];
if (file.type.startsWith("image/")) {
setImage(file);
setImgPreview(URL.createObjectURL(file));
} else {
toast.error("Please select a valid image file.");
}
}
Copilot is powered by AI and may make mistakes. Always verify output.
@sthsuyash sthsuyash committed this autofix suggestion about 1 month ago.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@sthsuyash @github-advanced-security
Fix code scanning alert no. 61: DOM text reinterpreted as HTML
ec5a4f0 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@sthsuyash sthsuyash merged commit 473670c into main Jan 14, 2025
5 of 7 checks passed
@sthsuyash sthsuyash deleted the feature/list-users-n-posts branch January 27, 2025 04:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sthsuyash sthsuyash sthsuyash approved these changes

Assignees

@AmishB7 AmishB7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AmishB7 @sthsuyash