bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-15 15:53:27 +00:00
Code Issues Releases Wiki Activity

[PM-6328] Checkmarx - Resolve warnings (#7941)

Browse Source
This commit is contained in:
Oscar Hinton
2024-02-15 22:25:53 +01:00
committed by GitHub
parent c8c1ed42ba
commit 02dde0c0d3
49 changed files with 101 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libs/auth/src/angular/fingerprint-dialog/fingerprint-dialog.component.html
View File

@@ -9,7 +9,7 @@
bitButton
href="https://bitwarden.com/help/fingerprint-phrase/"
target="_blank"
rel="noopener"
rel="noreferrer"
buttonType="primary"
bitDialogClose
>

2
libs/common/src/platform/services/web-crypto-function.service.ts
View File

@@ -139,7 +139,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
algorithm: "sha1" | "sha256" | "sha512" | "md5",
): Promise<Uint8Array> {
if (algorithm === "md5") {
const md = algorithm === "md5" ? forge.md.md5.create() : forge.md.sha1.create();
const md = forge.md.md5.create();
const valueBytes = this.toByteString(value);
md.update(valueBytes, "raw");
return Utils.fromByteStringToArray(md.digest().data);

3
libs/components/src/avatar/avatar.component.ts
View File

@@ -75,6 +75,8 @@ export class AvatarComponent implements OnChanges {
svg.appendChild(charObj);
const html = window.document.createElement("div").appendChild(svg).outerHTML;
const svgHtml = window.btoa(unescape(encodeURIComponent(html)));
// This is safe because the only user provided value, chars is set using `textContent`
this.src = this.sanitizer.bypassSecurityTrustResourceUrl(
"data:image/svg+xml;base64," + svgHtml,
);
@@ -117,6 +119,7 @@ export class AvatarComponent implements OnChanges {
'"Open Sans","Helvetica Neue",Helvetica,Arial,' +
'sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol"',
);
// Warning do not use innerHTML here, characters are user provided
textTag.textContent = character;
textTag.style.fontWeight = this.svgFontWeight.toString();
textTag.style.fontSize = this.svgFontSize + "px";

10
libs/components/src/stories/introduction.mdx
View File

@@ -104,6 +104,7 @@ component library and the other clients will follow once this work is completed.
className="link-item"
href="https://storybook.js.org/docs/react/get-started/setup#configure-storybook-for-your-stack"
target="_blank"
rel="noreferrer"
>
<span>
<strong>Data</strong>
@@ -115,13 +116,18 @@ component library and the other clients will follow once this work is completed.
<div className="subheading">Learn</div>
<div className="link-list">
<a className="link-item" href="https://storybook.js.org/docs" target="_blank">
<a className="link-item" href="https://storybook.js.org/docs" target="_blank" rel="noreferrer">
<span>
<strong>Storybook documentation</strong>
Configure, customize, and extend
</span>
</a>
<a className="link-item" href="https://storybook.js.org/tutorials/" target="_blank">
<a
className="link-item"
href="https://storybook.js.org/tutorials/"
target="_blank"
rel="noreferrer"
>
<span>
<strong>In-depth guides</strong>
Best practices from leading teams

16
libs/importer/src/components/import.component.html
View File

@@ -7,7 +7,7 @@
>{{ "importDestination" | i18n }}
<a
target="_blank"
rel="noopener"
rel="noreferrer"
appA11yTitle="{{ 'learnAboutImportOptions' | i18n }}"
href="https://bitwarden.com/help/import-data/"
>
@@ -78,14 +78,14 @@
<bit-callout type="info" title="{{ getFormatInstructionTitle() }}" *ngIf="format">
<ng-container *ngIf="format === 'bitwardencsv' || format === 'bitwardenjson'">
See detailed instructions on our help site at
<a target="_blank" rel="noopener" href="https://bitwarden.com/help/export-your-data/">
<a target="_blank" rel="noreferrer" href="https://bitwarden.com/help/export-your-data/">
https://bitwarden.com/help/export-your-data/</a
>
</ng-container>
<ng-container *ngIf="format === 'lastpasscsv'">
<p bitTypography="body1">
{{ "seeDetailedInstructions" | i18n }}
<a target="_blank" rel="noopener" href="https://bitwarden.com/help/import-from-lastpass/">
<a target="_blank" rel="noreferrer" href="https://bitwarden.com/help/import-from-lastpass/">
https://bitwarden.com/help/import-from-lastpass/</a
>
</p>
@@ -153,19 +153,19 @@
The process is exactly the same as importing from Google Chrome.
</span>
See detailed instructions on our help site at
<a target="_blank" rel="noopener" href="https://bitwarden.com/help/import-from-chrome/">
<a target="_blank" rel="noreferrer" href="https://bitwarden.com/help/import-from-chrome/">
https://bitwarden.com/help/import-from-chrome/</a
>
</ng-container>
<ng-container *ngIf="format === 'firefoxcsv'">
See detailed instructions on our help site at
<a target="_blank" rel="noopener" href="https://bitwarden.com/help/import-from-firefox/">
<a target="_blank" rel="noreferrer" href="https://bitwarden.com/help/import-from-firefox/">
https://bitwarden.com/help/import-from-firefox/</a
>.
</ng-container>
<ng-container *ngIf="format === 'safaricsv'">
See detailed instructions on our help site at
<a target="_blank" rel="noopener" href="https://bitwarden.com/help/import-from-safari/">
<a target="_blank" rel="noreferrer" href="https://bitwarden.com/help/import-from-safari/">
https://bitwarden.com/help/import-from-safari/</a
>.
</ng-container>
@@ -178,7 +178,7 @@
"
>
See detailed instructions on our help site at
<a target="_blank" rel="noopener" href="https://bitwarden.com/help/import-from-1password/">
<a target="_blank" rel="noreferrer" href="https://bitwarden.com/help/import-from-1password/">
https://bitwarden.com/help/import-from-1password/</a
>.
</ng-container>
@@ -264,7 +264,7 @@
</ng-container>
<ng-container *ngIf="format === 'gnomejson'">
Make sure you have python-keyring and python-gnomekeyring installed. Save the
<a target="_blank" rel="noopener" href="https://bit.ly/2GpOMTg"
<a target="_blank" rel="noreferrer" href="https://bit.ly/2GpOMTg"
>GNOME Keyring Import/Export</a
>
python script to your desktop as <code>pw_helper.py</code>. Open terminal and run