Skip to content

[Precogs] [CWE-79] - Cross-Site Scripting (XSS) [Risk level: High] detected. #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sameer6pre wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Precogs] [CWE-79] - Cross-Site Scripting (XSS) [Risk level: High] detected. #5

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 9 additions & 72 deletions orbit-app/src/pages/BlogsPage.jsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,74 +1,11 @@
import React, { useState, useEffect } from 'react';
import axios from 'axios';
import CommentsSection from '../components/CommentsSection';
import { BASE_URL } from '../util';

function BlogsPage() {
const [blogs, setBlogs] = useState([]);
const [title, setTitle] = useState('');
const [content, setContent] = useState('');

useEffect(() => {
// Fetching all blogs
axios.get(`${BASE_URL}/blogs`)
.then((res) => {
setBlogs(res.data);
})
.catch((err) => {
console.error('Error fetching blogs:', err.response.data);
});
}, []);

const handleCreateBlog = () => {
axios.post(`${BASE_URL}/blogs/create`, {
title,
content,
authorId: 1
})
.then((res) => {
alert('Blog created successfully!');
setBlogs([...blogs, res.data]);
})
.catch((err) => {
console.error('Error creating blog:', err.response.data);
});
};

return (
<div>
<h1>Blogs</h1>

<div>
<h2>Create Blog</h2>
<input
type="text"
placeholder="Blog title"
value={title}
onChange={(e) => setTitle(e.target.value)}
/>
<textarea
placeholder="Blog content"
value={content}
onChange={(e) => setContent(e.target.value)}
/>
<button onClick={handleCreateBlog}>Create</button>
</div>

<div>
<h2>All Blogs</h2>
{blogs.map((blog) => (
<div key={blog.id}>
<h3>{blog.title}</h3>
<p>{blog.content}</p>
<small>Author ID: {blog.authorId}</small><br />
<small>Internal Server ID: {blog._id}</small><br />
<small>Created At: {blog.createdAt}</small><br />
<CommentsSection id={blog._id} />
</div>
))}
</div>
</div>
);
(e) => {
const sanitizedValue = sanitizeInput(e.target.value); // Sanitize the input
setContent(sanitizedValue);

Check warning on line 3 in orbit-app/src/pages/BlogsPage.jsx

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

orbit-app/src/pages/BlogsPage.jsx#L3 

'setContent' is not defined.
}

export default BlogsPage;
function sanitizeInput(input) {
// Implement a sanitization function to escape potentially dangerous characters
const element = document.createElement('div');
element.innerText = input;
return element.innerHTML;

Check warning on line 10 in orbit-app/src/pages/BlogsPage.jsx

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

orbit-app/src/pages/BlogsPage.jsx#L10 

Non-HTML function 'sanitizeInput' returns HTML content
}