Security-fix: Remove XSS in appendTo in Magnific Popup#2266
Security-fix: Remove XSS in appendTo in Magnific Popup#2266NoumaanAhamed wants to merge 5 commits intodevelopfrom
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
This PR attempts to fix an XSS vulnerability in the Magnific Popup library by changing how the prependTo configuration option is handled. However, the implementation contains critical issues that prevent it from achieving its security goal.
Key Changes
- Replaced
document.querySelector()approach with jQuery.find()method for element selection - Simplified error handling by removing try-catch block
- Added inline comment explaining the security intent
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…string appendTo values
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Unable to PHPCS or SVG scan one or more files due to error running PHPCS/SVG scanner:
The error may be temporary. If the error persists, please contact a human (commit-ID: 6da3f99). |
|
|
||
| // Only allow DOM elements or jQuery objects | ||
| if (appendToEl instanceof HTMLElement) { | ||
| $appendToEl = $(appendToEl); |
Check warning
Code scanning / CodeQL
Unsafe jQuery plugin Medium
Copilot Autofix
AI 4 months ago
Copilot could not generate an autofix suggestion
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
Resolves https://github.com/rtCamp/rtMedia/security/code-scanning/44