Added captacha #168

Draft: jontyms wants to merge 4 commits into HackUCF:dev from jontyms:added-captacha
@jontyms (Member) commented Jul 28, 2024

No description provided.

Comment thread app/templates/error.html
<h2>{{reason}}</h2>

<a class="btn" href="/"><i class="fa-solid fa-house"></i> Go Home</a>
<a class="btn" href="{{return_url}}"
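Review bot: `href="{{return_url}}"` on the last line of this hunk emits the variable as the entire URL, so HTML escaping of the value does not remove a `javascript:` scheme. Restrict `return_url` to a same-site path in the handler before rendering, or write the attribute as `href="/{{return_url}}"` and pass a path-only value.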

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{{link}}'. You may also consider setting the Content Security Policy (CSP) header.
Comment thread app/templates/error.html
<h2>{{reason}}</h2>

<a class="btn" href="/"><i class="fa-solid fa-house"></i> Go Home</a>
<a class="btn" href="{{return_url}}"

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.
Comment thread app/templates/error.html
<h2>{{reason}}</h2>

<a class="btn" href="/"><i class="fa-solid fa-house"></i> Go Home</a>
<a class="btn" href="{{return_url}}"

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: python.flask.security.xss.audit.template-href-var.template-href-var

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use 'url_for()' to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.
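One way to constrain `return_url` before it reaches `error.html`, as an added example that is not part of this pull request or the project's code. The function name `safe_return_url`, its `default` parameter and the sample inputs are hypothetical, and it assumes return targets are always same-site paths.

```python
from urllib.parse import urlsplit


def safe_return_url(candidate, default="/"):
    """Return candidate only if it is a same-site absolute path, else default.

    Hypothetical helper: call it in the request handler and pass the result
    to the template instead of the raw query/form value.
    """
    if not isinstance(candidate, str) or not candidate:
        return default
    # Control characters and backslashes are normalised by browsers and can
    # turn an innocent-looking path into a different URL; refuse them.
    if any(ord(ch) < 0x20 or ch in "\\\x7f" for ch in candidate):
        return default
    # Exactly one leading slash: "//host/..." is protocol-relative and a
    # missing slash allows "scheme:..." values such as "javascript:".
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return default
    # Defence in depth: a path-only URL has neither scheme nor host.
    if parts.scheme or parts.netloc:
        return default
    return candidate


# Constructed sample inputs, not taken from the application.
SAMPLES = [
    "/profile",
    "/join/?step=2#top",
    "javascript:void(0)",
    "//example.com/login",
    "https://example.com/",
    "/\\example.com",
    "/\t/example.com",
    "",
    None,
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(repr(raw), "->", safe_return_url(raw))
```
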
Comment thread app/templates/signup.html
</details>
</div>
</div>
<script src="https://hcaptcha.com/1/api.js" async defer></script>
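Review bot: the `<script>` tag on the last line of this hunk loads `https://hcaptcha.com/1/api.js` with no `integrity` or `crossorigin` attribute. If a fixed hash cannot be pinned for this URL, record that in the PR and limit the origin through a Content-Security-Policy `script-src` directive, so the warning is closed by a decision rather than left open.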

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: html.security.audit.missing-integrity.missing-integrity

This tag is missing an 'integrity' subresource integrity attribute. The 'integrity' attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify the externally hosted resource, this could lead to XSS and other types of attacks. To prevent this, include the base64-encoded cryptographic hash of the resource (file) you’re telling the browser to fetch in the 'integrity' attribute for all externally hosted files.