Fix ngx-bootstrap vulnerability #125
Comments
mjtravers
changed the title
mjtravers
changed the title
|
This issue is no longer relevant as ngx-bootstrap has been removed from the app during the work preformed for issue #156. |
Elaine-Krauss-TCG
added a commit
that referenced
this issue
Jul 28, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The ngx-bootstrap has an XSS vulnerability: https://app.circleci.com/pipelines/github/fecgov/fecfile-web-app/169/workflows/bcad3ac5-e317-4c95-a216-fe2fa42befbf/jobs/652
The vulnerability looks to be how the typeahead is being used. Fix the XSS issue for the typeahead either by using the ng-bootstrap library (also in use) has may have a better implementation of typeahead or by escaping data before use in the ngx-bootstrap typeahead.
Stretch goal: It'd be nice to have only one angular bootstrap library dependency, so while in the code, evaluate the level of effort to move the site entirely into ng-bootstrap
Acceptance Criteria
Snyk does not report a XSS vulnerability in its report.
QA Notes
null
DEV Notes
null
Design
null
The text was updated successfully, but these errors were encountered: