Mirror of https://github.com/roostorg/coop github.com/roostorg/coop

[Code Scanning] Fix code scanning alerts from GitHub (#132)

authored by

Juan Mrad and committed by
GitHub
21d88bfe d1b11e3b

+26 -4
+3
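--- a/.github/workflows/check_if_directory_changed.yaml
+++ b/.github/workflows/check_if_directory_changed.yaml
@@ -11,6 +11,9 @@
 description: 'Whether there are changed files'
 value: ${{ jobs.check_if_directory_changed.outputs.files_changed }}
 
+permissions:
+contents: read
+
 jobs:
 check_if_directory_changed:
 runs-on: ubuntu-latest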
+1 -1
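--- a/client/src/webpages/dashboard/item_types/itemTypeCodeSampleUtils.ts
+++ b/client/src/webpages/dashboard/item_types/itemTypeCodeSampleUtils.ts
@@ -141,7 +141,7 @@
 );
 return '[\n' + objectElements.join(',\n') + `\n${currentIndent}]`;
 } else if (typeof value === 'string') {
-return `'${value.replace(/'/g, "\\'")}'`;
+return `'${value.replace(/\\/g, '\\\\').replace(/'/g, "\\'")}'`;
 } else if (typeof value === 'number' || typeof value === 'boolean') {
 return value.toString();
 } else if (value === null) {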
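Review bot: Line terminators in `value` are still emitted raw inside the single-quoted literal on new line 144, so a string containing a newline or carriage return produces a code sample that does not parse; the change covers only backslashes and single quotes. Either extend the chain with `.replace(/\n/g, '\\n').replace(/\r/g, '\\r')`, or, if a double-quoted literal is acceptable in the sample, use `return JSON.stringify(value);`. The backslash-first ordering is what makes the escaping correct and deserves a comment such as `// escape backslashes first so the quote escapes added next are not doubled`. The enclosing function begins and ends outside this hunk.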
+2 -1
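--- a/content-proxy/src/index.ts
+++ b/content-proxy/src/index.ts
@@ -310,9 +310,10 @@
 pageContent = $.html();
 return res.send(pageContent);
 } catch (error: any) {
+console.error('Error processing content:', error);
 return res
 .status(500)
-.send(`Error processing content: ${error.message}`);
+.send('Error processing content');
 }
 });
 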
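Review bot: The `any` annotation on line 312 is no longer needed now that `error.message` is not read, so `} catch (error: unknown) {` would keep the type checker engaged for any later use of the value. The new `console.error` call logs the whole error object; for a failed upstream fetch that may include the requested URL and response details, so it is worth confirming that what reaches the logs is acceptable for this proxy. Since the client now receives only a generic message, a request identifier in both the log line and the response would let a reported 500 be matched to its cause. The route handler starts outside this hunk.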
+19 -1
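--- a/server/api.ts
+++ b/server/api.ts
@@ -97,7 +97,25 @@
 
 app.use(cors());
 
-app.use(helmet(env === 'production' ? {} : { contentSecurityPolicy: false }));
+app.use(
+helmet(
+env === 'production'
+? {}
+: {
+contentSecurityPolicy: {
+directives: {
+defaultSrc: ["'self'"],
+scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
+styleSrc: ["'self'", "'unsafe-inline'"],
+imgSrc: ["'self'", 'data:', 'blob:', 'https:', 'http:'],
+connectSrc: ["'self'", 'ws:', 'wss:', 'https:', 'http:'],
+fontSrc: ["'self'", 'data:', 'https:'],
+frameSrc: ["'self'"],
+},
+},
+},
+),
+);
 app.use(express.json({ limit: '50mb' }));
 
 app.get('/ready', async (_req, res) => {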
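Review bot: The relaxed policy on new lines 102-116 applies to every `env` value other than the exact string 'production', so a staging deployment or an unset or misspelled variable is served `'unsafe-inline'`, `'unsafe-eval'` and scheme-wide `http:`/`https:` sources. Making the strict default the fallback would be safer, e.g. `env === 'development' ? { contentSecurityPolicy: devCsp } : {}` (assuming 'development' is the value used locally), with the directives hoisted into a named `devCsp` constant and a comment stating which dev tooling needs inline and eval scripts. Depending on the helmet version, its default directives may be merged into this object; if so `upgrade-insecure-requests` would still be sent and would conflict with the `http:` and `ws:` allowances, which is worth verifying in a local run.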
+1 -1
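--- a/server/services/apiKeyService/apiKeyService.ts
+++ b/server/services/apiKeyService/apiKeyService.ts
@@ -213,4 +213,4 @@
 }
 
 export default inject(['KyselyPg'], ApiKeyService);
-export type { ApiKeyService };
+export type { ApiKeyService };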