Code scanning - DOM text reinterpreted as HTML #1427

missed uri encoding for url base
GSA · Sep 17, 2024 · 61cecd3 · 61cecd3
1 parent 59e6fad
commit 61cecd3
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/assets/client/src/index.js b/assets/client/src/index.js
@@ -60,9 +60,9 @@ const renderRouter = () => (
 )
 
 const rootElement = document.getElementById('challenge-gov-react-app')
-const apiUrl = rootElement.getAttribute('data-api-url')
+const apiUrl = encodeURI(rootElement.getAttribute('data-api-url'))
 const publicUrl = rootElement.getAttribute('data-public-url')
-const imageBase = rootElement.getAttribute('data-image-base')
+const imageBase = encodeURI(rootElement.getAttribute('data-image-base'))
 const bridgeApplyBlocked = rootElement.getAttribute('data-bridge-apply-blocked') != 'false'
 
 ReactDOM.render(renderRouter(), rootElement);