Audit code for improper uses of d3-selection.html()
Just creating an issue to refer back to as I'm cleaning up the string sanitization issue.
It's everywhere... 😅
Some context on this is that we (Rapid) pulled in a bad regression from the iD project a while ago before the code diverged, and now there are places all around the Rapid code where the string sanitization has been removed. Every usage of `.html()` really needs to be checked carefully because there is a lot of code that is expecting to pass `<span>` or other html tags through it.
Some related issues: https://github.com/openstreetmap/iD/issues/8813 https://github.com/openstreetmap/iD/pull/7998 https://github.com/openstreetmap/iD/pull/8817
Originally posted by @bhousel in https://github.com/facebook/Rapid/issues/1158#issuecomment-1769216172
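An added example, not code from the Rapid or iD projects: the escaping that the "pass a `<span>` through `.html()`" case needs so that only the tag is literal and the data is not, plus a small regex-based audit helper that lists `.html()` call sites whose argument is not a plain string literal or an escaped value. The function names and the sample source lines are constructed for illustration.

```javascript
// Added example (not Rapid or iD project code): a regex-based triage helper
// that flags d3-selection .html(...) calls whose argument is not a plain
// string literal, plus the escaper needed when untrusted text goes in a <span>.

// Escape the characters that matter when untrusted text is interpolated
// into markup. Fixed tags such as <span> stay literal in the template.
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(str).replace(/[&<>"']/g, (c) => map[c]);
}

// The legitimate "pass a <span> through .html()" case done safely:
// the tag is ours, the untrusted value is escaped.
function labelHtml(untrustedValue) {
  return `<span class="label">${escapeHtml(untrustedValue)}</span>`;
}

// Matches `.html(` and captures the argument, allowing one level of nested
// parentheses (e.g. t('key')). Single-line calls only; this is a triage aid,
// not a JavaScript parser.
const HTML_CALL = /\.html\(\s*((?:[^()]|\([^()]*\))*?)\s*\)/g;

// An argument is accepted when it is a string literal without template
// interpolation, or is wrapped in escapeHtml(...). Anything else (t(),
// raw tag values, concatenations) gets a manual review.
function isLiteralOrEscaped(arg) {
  if (/^'[^'`$]*'$/.test(arg) || /^"[^"`$]*"$/.test(arg)) return true;
  if (/^`[^`$]*`$/.test(arg)) return true; // template literal, no ${...}
  return /^escapeHtml\(.*\)$/.test(arg);
}

// Scan source text; return {line, arg} for each .html() call to review.
function auditHtmlCalls(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const m of text.matchAll(HTML_CALL)) {
      if (!isLiteralOrEscaped(m[1])) findings.push({ line: i + 1, arg: m[1] });
    }
  });
  return findings;
}

// Constructed sample source, not lines from the Rapid code base.
const SAMPLE_SOURCE = [
  "icon.html('<span class=\"icon\"></span>');",  // literal markup: fine
  "label.html(t('inspector.name'));",              // translated string: review
  "row.html(d.tags.name);",                        // raw OSM tag value: review
  "row.html(escapeHtml(d.tags.name));",            // escaped: fine
].join('\n');
```

Calling `auditHtmlCalls(SAMPLE_SOURCE)` reports lines 2 and 3 for review; running it over a real file is a starting list, not a verdict, because the regex cannot see multi-line calls or values escaped further up the call chain.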