From cae2767e579f155e5cd740724089377a3d832b93 Mon Sep 17 00:00:00 2001
From: Sayuru Bopitiya
Date: Fri, 11 Oct 2024 23:22:05 +0530
Subject: [PATCH] fix: Sanitize XSS IT21470004

---
 frontend/src/learner/AllCoursesList.js | 76 ++++++++++++++++----
 1 file changed, 48 insertions(+), 28 deletions(-)

diff --git a/frontend/src/learner/AllCoursesList.js b/frontend/src/learner/AllCoursesList.js
index 10ed4e9..98fb55d 100644
--- a/frontend/src/learner/AllCoursesList.js
+++ b/frontend/src/learner/AllCoursesList.js
@@ -1,6 +1,7 @@
-import React, { useState, useEffect } from "react";
+import React, {useState, useEffect} from "react";
 import axios from "axios";
-import { Link, useNavigate } from "react-router-dom"; // Import useNavigate from react-router-dom
+import {Link, useNavigate} from "react-router-dom"; // Import useNavigate from react-router-dom
+import DOMPurify from "dompurify"; // Import DOMPurify for sanitization
 
 function AllCourses() {
 const [courses, setCourses] = useState([]);
@@ -18,15 +19,18 @@ function AllCourses() {
 let response;
 if (activeTab === "approved") {
 response = await axios.get(
- "http://localhost:4003/api/v1/course/getApproved"
+ // IT21470004 - XSS Code Level Fix
+ DOMPurify.sanitize("http://localhost:4003/api/v1/course/getApproved")
 );
 } else if (activeTab === "pending") {
 response = await axios.get(
- "http://localhost:4003/api/v1/course/getPending"
+ // IT21470004 - XSS Code Level Fix
+ DOMPurify.sanitize("http://localhost:4003/api/v1/course/getPending")
 );
 } else if (activeTab === "rejected") {
 response = await axios.get(
- "http://localhost:4003/api/v1/course/getRejected"
+ // IT21470004 - XSS Code Level Fix
+ DOMPurify.sanitize("http://localhost:4003/api/v1/course/getRejected")
 );
 }
 setCourses(response.data);
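Review bot: Wrapping the three constant request URLs in `DOMPurify.sanitize(...)` gives no XSS protection — DOMPurify is an HTML sanitizer, these literals contain no markup and no user input, and a URL passed to `axios.get` is never inserted into the DOM, which is the only place an XSS sink could exist. The `// IT21470004 - XSS Code Level Fix` comments therefore label a no-op as a fix, and a later reader may assume these endpoints are "covered" when nothing has changed. I would revert each to its plain literal, e.g. `"http://localhost:4003/api/v1/course/getApproved"`, and reserve DOMPurify for the one case it is built for: fetched HTML that is actually rendered via `dangerouslySetInnerHTML`. The fetch function containing this code appears to start and end outside the hunk.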
@@ -41,8 +45,11 @@ function AllCourses() {
 const learnerId = "123f55396a149b001f8a1234";
 try {
 const response = await axios.post(
- `http://localhost:4002/learner/course/enroll?courseId=${courseId}`,
- { learnerId }
+ // IT21470004 - XSS Code Level Fix
+ DOMPurify.sanitize(
+ `http://localhost:4002/learner/course/enroll?courseId=${courseId}`
+ ),
+ {learnerId}
 );
 console.log(response.data.message);
 // Redirect to Success.js after successful enrollment
@@ -51,8 +58,6 @@ function AllCourses() {
 } else {
 navigate("/enroll/unsuccess");
 }
-
- response.status(400).json({ message: "Student enrolled successfully" });
 } catch (error) {
 console.error("Error enrolling:", error);
 // Handle error
@@ -77,6 +82,7 @@ function AllCourses() {
 }
 return (
+ // IT21470004 - XSS Code Level Fixes
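Review bot: `courseId` is still interpolated raw into the enroll query string; `DOMPurify.sanitize` does not URL-encode, so a value containing `&`, `#` or `=` can still change the request, and in my reading of DOMPurify an input containing `<` comes back HTML-serialized (with `&` turned into `&amp;`), which would corrupt the URL rather than protect it. The right tool here is URL encoding: replace the sanitize wrapper with `` `http://localhost:4002/learner/course/enroll?courseId=${encodeURIComponent(courseId)}` ``, or build the URL with `new URL(...)` and `url.searchParams.set("courseId", courseId)`. If `courseId` is expected to be a MongoDB-style hex id, a cheap shape check (`/^[0-9a-f]{24}$/i`) before the request would also reject junk early — confirm the id format against the backend. The enclosing enroll handler starts before this hunk, and the hard-coded `learnerId` literal is pre-existing context rather than part of this change.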

Course List

{/* Tab navigation */} @@ -115,25 +121,33 @@ function AllCourses() { >

- {course.CourseName} + {DOMPurify.sanitize(course.CourseName)}

{course.preview && ( Preview handleViewDetails(course._id)} /> )} {expandedCourseId === course._id && ( + // IT21470004 - XSS Code Level Fixes
-

Instructor: {course.instructor}

-

Description: {course.description}

-

Duration: {course.duration}

-

Level: {course.level}

+

+ Instructor: {DOMPurify.sanitize(course.instructor)} +

+

+ Description: {DOMPurify.sanitize(course.description)} +

+

+ Duration: {DOMPurify.sanitize(course.duration)} +

+

+ Level: {DOMPurify.sanitize(course.level)} +

Price: ${course.price}

Lessons: