
Potential fix for code scanning alert no. 16: Reflected cross-site scripting
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent 389f873 commit e6f0e7d


2 files changed

+15
-3
lines changed


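--- a/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/app.js
+++ b/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/app.js
@@ -1,6 +1,7 @@
 var express = require('express'),
 bodyParser = require('body-parser'),
-logger = require('morgan')
+logger = require('morgan'),
+escapeHtml = require('escape-html')
 
 let posts = require('./posts.json')
 
@@ -15,7 +16,17 @@ app.get('/', function(req, res, next) {
 })
 
 app.get('/api/posts', function(req, res, next) {
-let results = posts
+let results = posts.map(post => {
+let escapedPost = {};
+for (let key in post) {
+if (typeof post[key] === 'string') {
+escapedPost[key] = escapeHtml(post[key]);
+} else {
+escapedPost[key] = post[key];
+}
+}
+return escapedPost;
+});
 res.send(results)
 })
 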
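Review bot: The escaping in the new `/api/posts` body is applied at the wrong layer: `res.send(results)` with an array serializes it as JSON with an `application/json` content type, so the browser never parses this response as HTML, while every API consumer now receives HTML entities (`&#39;`, `&amp;`) inside JSON fields and has to decode them to recover the original text. `posts` is loaded from `./posts.json` at the top of the file rather than from the request, so it is not clear from this hunk what the scanner treated as reflected input; if the data is user-supplied somewhere else, the place to encode it is the rendering sink (`textContent`, or a template engine's auto-escape) with the server simply doing `res.json(posts)`. If server-side escaping is kept as defence in depth, be aware it is shallow — nested objects and arrays pass through `escapeHtml` untouched — and `for...in` also walks inherited enumerable keys, so `for (const [key, value] of Object.entries(post))` is the safer idiom. `results` is never reassigned, so `const` fits better than `let`.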
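--- a/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/package.json
+++ b/archive/Educator Resources/Course Content/Module2/code/lesson5/lab2/package.json
@@ -19,7 +19,8 @@
 "dependencies": {
 "body-parser": ">=1.20.3",
 "express": ">=4.20.0",
-"morgan": "1.9.1"
+"morgan": "1.9.1",
+"escape-html": "^1.0.3"
 },
 "devDependencies": {
 "body-parser": ">=1.20.3",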
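Review bot: The new `"escape-html": "^1.0.3"` entry uses a caret range while `morgan` on the line above is pinned exactly, so the manifest now mixes two pinning conventions; if reproducible installs are the goal, pin it as `"escape-html": "1.0.3"` or make sure a lockfile is committed alongside (none is visible in this commit). The neighbouring `>=` ranges on `body-parser` and `express` are untouched by this change, but they accept any future major version, which is worth tightening in the same pass.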
