Skip to content

fix(security): validate URL scheme before rendering href to block javascript: XSS #102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
aaronjmars wants to merge 2 commits into
base: main
Choose a base branch
from
+51 −13

fix(security): strip C0 controls + DEL in safeUrl before scheme check

39ac3ed
Select commit
Loading
Failed to load commit list.
Open

fix(security): validate URL scheme before rendering href to block javascript: XSS #102

fix(security): strip C0 controls + DEL in safeUrl before scheme check
39ac3ed
Select commit
Loading
Failed to load commit list.
Cursor / Cursor Bugbot succeeded May 10, 2026 in 8m 3s

Bugbot Review

Bugbot Analysis Progress (8m 4s elapsed)

✅ Gathered PR context (2s)
✅ Completed bug detection (7m 55s)
✅ Posted analysis results (7s)

Final Result: Bugbot completed review - no new issues found! ✅

Request ID: serverGenReqId_7fa7c0ef-5027-4bd7-9503-2db8f140396e

Details

View more details on Cursor