From 3cc421061a07d1008d31653058ee2a15a71007ef Mon Sep 17 00:00:00 2001 From: Frances Coronel Date: Sun, 1 Dec 2024 12:21:45 -0500 Subject: [PATCH] Fix code scanning alert no. 9: Stored cross-site scripting Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Frances Coronel --- components/MemberCard/MemberCard.tsx | 4 +++- package.json | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/components/MemberCard/MemberCard.tsx b/components/MemberCard/MemberCard.tsx index 35b4a8b..d67d2c6 100644 --- a/components/MemberCard/MemberCard.tsx +++ b/components/MemberCard/MemberCard.tsx @@ -1,5 +1,6 @@ import Image from "next/image"; import Link from "next/link"; +import escapeHtml from "escape-html"; import CountryFlags from "@/components/CountryFlags/CountryFlags"; import SocialLinks from "@/components/SocialLinks/SocialLinks"; @@ -12,10 +13,11 @@ interface MemberProps { const MemberCard = (props: MemberProps) => { const { name, slug, level, countries } = props.member; + const sanitizedPath = escapeHtml(props.member.path); return (
- + {/* Image */}
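Review bot: `escapeHtml(props.member.path)` entity-encodes a value that appears to be a link target, which is the wrong control for a URL context: it leaves the scheme unconstrained, so a stored `javascript:` value would pass through unchanged, and because React already escapes attribute values on render, a legitimate path containing `&` would end up double-encoded. The JSX lines that consume `sanitizedPath` are not legible in this view, so this assumes the value is passed to the `Link`'s `href`. If so, validate rather than encode, e.g. `const safePath = /^\/(?![\/\\])/.test(props.member.path) ? props.member.path : "/";`, and drop the `escape-html` import and dependency if nothing else uses it. MemberCard's body continues past the end of the hunk.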