[Release] Stage to Main #4515
[Release] Stage to Main #4515
Conversation
Appending link group classes
Support .ing domains for lana
* Fix sticky CTA block functionality issue * adressed comments * Add spectrum-web-components scripts to commerce documentation * missing swc deps * prettier fix
* support for legacy browsers that do not support url.canParse * added additional check to validate url protocol * validated url * reverted formatting changes * code enhancement * mock for unit tests
Add gist block
* MWPW-167744 [Plans] Analytics * Trigger Build * MWPW-167744 [Plans] Analytics - unit tests * MWPW-167744 [Plans] Analytics - lint * MWPW-167744 [Plans] Analytics - unit tests * MWPW-173845: Fix collection header margin for edu plans cards (#4467) * Plans : MWPW-175390 MWPW-175488 (#4489) * MWPW-175390 [Plans] Secure Transaction Label Alignment Issue * MWPW-175390 [Plans] Secure Transaction Label Alignment Issue * MWPW-175390 [Plans] Secure Transaction Label Alignment Issue * Trigger Build * MWPW-175488 [Plans] Schools & Universities Tab Three Card Layout Needs Centering * build mas --------- Co-authored-by: Bozo Jovicic <bozo@hitthecode.com> * MWPW-167744 [Plans] Analytics * MWPW-167744 [Plans] Analytics - test --------- Co-authored-by: Bozo Jovicic <bozo@hitthecode.com> Co-authored-by: Bozo Jovicic <37440641+bozojovicic@users.noreply.github.com>
|
Testing can start @adobecom/bacom-sot @adobecom/creative-cloud-sot @adobecom/document-cloud-sot @adobecom/express-sot @adobecom/homepage-sot @adobecom/miq-sot @adobecom/blog-sot |
|
Hello, I'm the AEM Code Sync Bot and I will run some actions to deploy your branch and validate page speed.
|
|
SNOW Change Request Transaction ID: 0000019746cb97b2-4488919 |
There was a problem hiding this comment.
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.
libs/deps/mas/merch-card.js
Outdated
There was a problem hiding this comment.
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.
libs/features/mas/dist/mas.js
Outdated
There was a problem hiding this comment.
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.
There was a problem hiding this comment.
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.
There was a problem hiding this comment.
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.
There was a problem hiding this comment.
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.
There was a problem hiding this comment.
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.
| document.querySelectorAll('code.demo').forEach(el => { | ||
| const targetContainer = document.createElement('div'); | ||
| targetContainer.classList.toggle('light', el.classList.contains('light')); | ||
| targetContainer.innerHTML = `<h4>Demo: </h4><div class="demo-container">${el.textContent}</div>`; |
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium documentation
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 7 hours ago
To address the issue, the text retrieved via el.textContent should be properly escaped before being injected into the DOM. Escaping ensures that special HTML characters such as <, >, &, etc., are converted into their encoded representations (e.g., <, >, &). This prevents any unintended interpretation as HTML or JavaScript code.
The most reliable fix involves using a library like lodash (e.g., _.escape) or a custom utility function to sanitize the text. The fix should ensure that el.textContent is sanitized before being incorporated into the innerHTML. This will require modifying the vulnerable line 62 and potentially importing a library or defining a helper function.
| @@ -59,7 +59,8 @@ | ||
| document.querySelectorAll('code.demo').forEach(el => { | ||
| const targetContainer = document.createElement('div'); | ||
| targetContainer.classList.toggle('light', el.classList.contains('light')); | ||
| targetContainer.innerHTML = `<h4>Demo: </h4><div class="demo-container">${el.textContent}</div>`; | ||
| const escapedText = el.textContent.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, '''); | ||
| targetContainer.innerHTML = `<h4>Demo: </h4><div class="demo-container">${escapedText}</div>`; | ||
| el.parentElement.after(targetContainer); | ||
| // Extract and evaluate <script> tags | ||
| const scriptTags = targetContainer.getElementsByTagName('script'); |
…ck (#4485) * fixed modal reopening, and duplications * moved comments to a separate file * fixed the modal reopening issue * updated unit test * fixed multiple btn clicks * corrected variable name
* [MWPW-174959] - table border update * [MWPW-174959] - table rtl border update * [MWPW-174959] - table update logic * [MWPW-174959] - table update border logic mobile * [MWPW-174959] - code optimization * [MWPW-174959] - table border logic update * [MWPW-174959] - table one heading border fix
* 3in1 spinner center position * spinner update --------- Co-authored-by: Predrag Markovic <cod14230@adobe.com>
common base root URLs
Homepage : https://www.stage.adobe.com/
BACOM: https://business.stage.adobe.com/fr/
CC: https://www.stage.adobe.com/creativecloud.html
Blog: https://blog.stage.adobe.com/
Acrobat: https://www.stage.adobe.com/acrobat/online/sign-pdf.html
Milo:
GNav Test URLs
Gnav + Footer + Region Picker modal:
Thin Gnav + ThinFooter + Region Picker dropup:
Localnav + Promo:
Sticky Branch Banner:
Inline Branch Banner:
Blog
RTL Locale