mjtravers changed the title from "Remove ngx-bootstrap in favor of ng bootstrap library" to "Remove ngx-bootstrap in favor of ng-bootstrap library" on Feb 17, 2022
mjtravers changed the title from "Remove ngx-bootstrap in favor of ng-bootstrap library" to "Fix ngx-bootstrap vulnerability" on Feb 17, 2022
The ngx-bootstrap has an XSS vulnerability: https://app.circleci.com/pipelines/github/fecgov/fecfile-web-app/169/workflows/bcad3ac5-e317-4c95-a216-fe2fa42befbf/jobs/652
The vulnerability looks to be how the typeahead is being used. Fix the XSS issue for the typeahead either by using the ng-bootstrap library (also in use), which may have a better implementation of typeahead, or by escaping data before use in the ngx-bootstrap typeahead.
Stretch goal: It'd be nice to have only one Angular bootstrap library dependency, so while in the code, evaluate the level of effort to move the site entirely into ng-bootstrap.
Acceptance Criteria
Snyk does not report an XSS vulnerability in its report.
QA Notes
null
DEV Notes
null
Design
null
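One way to do the "escaping data before use" option from the issue above, as an added example that is not code from fecfile-web-app or ngx-bootstrap. It assumes the suggestion markup is built as an HTML string; `escapeHtml`, `highlightSuggestion` and the sample names are hypothetical.

```typescript
// Added example: hypothetical helpers, not ngx-bootstrap or project code.
const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text: string): string {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch] ?? ch);
}

// Escape regex metacharacters so the typed query is matched literally.
function escapeRegExp(text: string): string {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Build the HTML for one suggestion: split the RAW text on the query,
// escape every segment, and wrap only the matched segments in <strong>.
// Escaping first and matching afterwards would let a query such as "amp"
// match inside "&amp;" and corrupt the entity.
function highlightSuggestion(raw: string, query: string): string {
  if (query === "") {
    return escapeHtml(raw);
  }
  const matcher = new RegExp(`(${escapeRegExp(query)})`, "gi");
  return raw
    .split(matcher) // capture group: odd indexes hold the matched text
    .map((part, i) =>
      i % 2 === 1 ? `<strong>${escapeHtml(part)}</strong>` : escapeHtml(part)
    )
    .join("");
}

// Constructed sample data: one benign name and one carrying markup.
const sampleNames: string[] = [
  "Smith & Jones PAC",
  "Acme <img src=x onerror=alert(1)> Committee",
];

for (const name of sampleNames) {
  console.log(highlightSuggestion(name, "ac"));
}
```

The only tags in the returned string are the `<strong>` wrappers the function adds itself, so the result can be bound as HTML without the suggestion data being parsed as markup.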