Comments (6)
neilsy
commented on July 27, 2024
2
@PragTob I've made a PR to update the emdbedded jquery here: #115
I am not quite sure the process for contributing...
I did run simplecov tests with the updated simplecov-html gem loaded from my local code. I also tested with my own code, generating a full coverage report on a suite of tests.
from simplecov-html.
neilsy
commented on July 27, 2024
1
@PragTob Do you have time to check this out? #115
It would help my team a lot if we could comply with my company's security policies without begging for exceptions! Probably there are many others in the same boat now, with off-the-shelf scans becoming standard.
from simplecov-html.
PragTob
commented on July 27, 2024
Hi, thanks for letting us know and we'll upgrade but as these are XSS vulnerabilities you'd need to look at somebody else's malicious code (as that's the user input we got) if that is even affected by this, or am I missing another attack vector here?
from simplecov-html.
jgarland79
commented on July 27, 2024
@PragTob It doesn't seem to matter to our vulnerability scanner how it is used. Just that it is there and the code is flagged as vunlerable. :(
from simplecov-html.
PragTob
commented on July 27, 2024
Of course it doesn't matter for it :D So, your problem is more that your security scanner nags you about it than the actual security risk.
from simplecov-html.
snarfmason
commented on July 27, 2024
@PragTob hey, if I made a PR to update to jquery 3.5.1 would you accept the patch?
from simplecov-html.
Related Issues (20)
- Missed lines color doesn't work for color blind people HOT 1
- Missing asset referenced HOT 1
- Feature proposal: use CDN for assets or put them inline HOT 1
- Feature Request: Update URL with file path. HOT 1
- Feature Request: Silence output_message
- CVE-2022-30123 : rack (2.2.3) HOT 10
- Show test coverage
- Use Float#floor instead of Float#round
- Show loading size
- Fails with `Errno::EACCES: Permission denied @ rb_sysopen` if vendor files are read-only HOT 1
- Symbolic link attack within `coverage` directory can overwrite files elsewhere HOT 1
- New release? HOT 2
- Errors in File.open HOT 2
- Wrong sorting for coverage HOT 6
- Regression: non-ASCII characters are broken HOT 3
- Javascript error in version '0.12.0', some pages cannot be open HOT 15
- Disable pagination HOT 3
- Cannot refresh coverage page directly in version '0.12.0' HOT 4
- Feature proposal: multiple coverages in one html HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from simplecov-html.