Commit c767222

resolve security bot warnings about URLs
1 parent 8e14ea8 commit c767222

2 files changed

+12
-48
lines changed


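--- a/dotcom-rendering/src/components/Badge.tsx
+++ b/dotcom-rendering/src/components/Badge.tsx
@@ -3,41 +3,6 @@ import { space } from '@guardian/source/foundations';
 import type { Branding } from '../types/branding';
 import { useConfig } from './ConfigContext';
 
-// const frontsSectionBadgeSizingStyles = css`
-// height: auto;
-// width: 120px;
-
-// ${from.tablet} {
-// width: 140px;
-// }
-
-// ${from.leftCol} {
-// width: 200px;
-// }
-// `;
-
-// const labsSectionBadgeSizingStyles = css`
-// height: auto;
-// width: 100px;
-
-// ${from.phablet} {
-// width: 120px;
-// }
-// `;
-
-// const imageAdvertisingPartnerStyles = css`
-// ${between.leftCol.and.wide} {
-// max-width: 130px;
-// }
-// `;
-
-// const imageStyles = css`
-// display: block;
-// width: auto;
-// max-width: 100%;
-// object-fit: contain;
-// `;
-
 const logoImageStyle = css`
 max-height: 60px;
 max-width: 120px;
@@ -68,9 +33,12 @@ export const Badge = ({
 }: Props) => {
 const { darkModeAvailable } = useConfig();
 
+// Sanitise URL for use as href attribute
+const href = new URL(logo.link).href;
+
 return (
 <a
-href={logo.link}
+href={href}
 data-sponsor={sponsorName.toLowerCase()}
 rel="nofollow"
 aria-label={`Visit the ${sponsorName} website`}
@@ -88,17 +56,6 @@ export const Badge = ({
 media={'(prefers-color-scheme: dark)'}
 />
 )}
-{/* <img
-css={[
-imageStyles,
-isInLabsSection
-? labsSectionBadgeSizingStyles
-: frontsSectionBadgeSizingStyles,
-isAdvertisingPartner && imageAdvertisingPartnerStyles,
-]}
-src={imageSrc}
-alt={isInLabsSection ? 'Labs sponsor logo' : ''}
-/>\ */}
 <img
 css={logoImageStyle}
 src={logo.src}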
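Review bot: `new URL(logo.link).href` does not sanitise the link in the sense the new comment claims: `new URL('javascript:alert(1)').href` returns the string unchanged, so a `javascript:` (or `data:`) sponsor link would still be rendered into the anchor's href, and the only things the call actually rejects are strings that fail to parse as absolute URLs. If the intent is to neutralise the security-bot finding rather than silence it, pin the scheme as well, e.g. `const { protocol, href } = new URL(logo.link);` followed by `if (protocol !== 'https:' && protocol !== 'http:') throw new Error(\`Unexpected sponsor link protocol: ${protocol}\`);`, and reword the comment to say what is enforced. Note also that `new URL` throws a TypeError on a relative or empty `logo.link`; the throw happens inside render, so unless an error boundary sits above `Badge` a single malformed branding entry will take the whole front down — if relative links can legitimately appear in branding data, presumably not, but worth confirming, parse against a base or fall back to omitting the anchor instead. The `Badge` component starts and ends outside this hunk.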

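--- a/dotcom-rendering/src/components/FrontSectionTitle.tsx
+++ b/dotcom-rendering/src/components/FrontSectionTitle.tsx
@@ -103,6 +103,7 @@ export const FrontSectionTitle = ({
 collectionBranding.branding,
 containerPalette,
 );
+
 if (isFrontBranding || isContainerBranding) {
 return (
 <>
@@ -126,7 +127,13 @@ export const FrontSectionTitle = ({
 />
 </Hide>
 {title}
-<a href={aboutThisLink} css={aboutThisLinkStyles}>
+<a
+href={
+// Sanitise URL before use as href attribute
+new URL(aboutThisLink).href
+}
+css={aboutThisLinkStyles}
+>
 About this content
 </a>
 </div>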
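Review bot: The inline `new URL(aboutThisLink).href` in the `href` prop only normalises an absolute URL; it does not reject a `javascript:` or `data:` scheme, so the "Sanitise URL" comment overstates what it does and the underlying finding is not actually addressed. It also throws a TypeError inside JSX for any relative path such as `/about`, which would abort rendering of the whole section rather than just this link; where `aboutThisLink` comes from is outside the hunk, so whether relative values are possible should be checked against its source. I would hoist the parse out of the JSX with a scheme check, e.g. `const { protocol, href: aboutThisHref } = new URL(aboutThisLink);` and `if (protocol !== 'https:' && protocol !== 'http:') throw new Error(\`Unexpected about-this-content link protocol: ${protocol}\`);`, then use `href={aboutThisHref}` and rephrase the comment as `// Only absolute http(s) links are rendered; URL parsing alone does not block javascript: URLs`. The `FrontSectionTitle` component starts and ends outside this hunk.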
