I18n implementation #10515
I18n implementation #10515
Conversation
harishsundar-okta
commented
Mar 4, 2025
harishsundar-okta
commented
- Added new folders for fr-ca and ja-jp for quickstarts contentful implementation.
- Updated sidebar.yml file for API Docs landing page i18n implementation.
![semgrepcode-auth0[bot]](https://avatars.githubusercontent.com/u/2824157?s=60&v=4){kind=small}
| <% var i=0; _.forEach(connections, function(article) { %> | ||
| <% if (article.connection) { %> | ||
| <% if (article.public !== false) { %> | ||
| <a class="connection connection-public" href="<%- article.url %>"> |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross- site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/<%= link %>'. You may also consider setting the Content Security Policy (CSP) header.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by var-in-href.
You can view more details about this finding in the Semgrep AppSec Platform.
| <% var i=0; _.forEach(connections, function(article) { %> | ||
| <% if (article.connection) { %> | ||
| <% if (article.public !== false) { %> | ||
| <a class="connection connection-public" href="<%- article.url %>"> |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross- site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/<%= link %>'. You may also consider setting the Content Security Policy (CSP) header.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by var-in-href.
You can view more details about this finding in the Semgrep AppSec Platform.
