
Commit 1576cfa

Address code quality issues from PR review
- Add missing 'track' method to signals stub methods array - Escape single quotes in email values to prevent XSS vulnerabilities - Improve security of JavaScript string interpolation Co-Authored-By: Alek <[email protected]>
1 parent 1028e40 commit 1576cfa


3 files changed

+3
-3
lines changed


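--- a/pcweb/pages/pricing/header.py
+++ b/pcweb/pages/pricing/header.py
@@ -196,7 +196,7 @@ def submit(self, form_data: dict[str, Any]):
 yield QuoteFormState.send_demo_event(form_data)
 
 yield rx.call_script(
-f"try {{ signals.identify('{email}'); }} catch(e) {{ console.warn('Signals identify failed:', e); }}"
+f"try {{ signals.identify('{email.replace("'", "\\'")}'); }} catch(e) {{ console.warn('Signals identify failed:', e); }}"
 )
 
 if self.is_small_company():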
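Review bot: Escaping only the single quote on the new line 199 still lets a form-supplied `email` break out of the JS string literal: a value ending in a backslash (e.g. `a\`) turns the closing `'` into an escaped quote, and a literal newline or U+2028/U+2029 terminates the literal, so script injection remains possible for any value that reaches this point unvalidated. Build the whole literal with the JSON encoder instead, which escapes backslashes, quotes and control characters and, with the default `ensure_ascii=True`, also the Unicode line separators: `js_email = json.dumps(email)` then `f"try {{ signals.identify({js_email}); }} catch(e) {{ console.warn('Signals identify failed:', e); }}"` (add `import json` at the top of the file if it is not already there). Separately, a double-quoted string and a backslash inside the `{...}` part of a double-quoted f-string are only accepted from Python 3.12 (PEP 701) and are a SyntaxError on older interpreters, so confirm the project's minimum version before relying on that form. The enclosing `submit` method starts and ends outside this hunk.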

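--- a/pcweb/signup.py
+++ b/pcweb/signup.py
@@ -101,6 +101,6 @@ def signup(
 self.add_contact_to_loops(email)
 self.signed_up = True
 return [
-rx.call_script(f"try {{ signals.identify('{email}'); }} catch(e) {{ console.warn('Signals identify failed:', e); }}"),
+rx.call_script(f"try {{ signals.identify('{email.replace("'", "\\'")}'); }} catch(e) {{ console.warn('Signals identify failed:', e); }}"),
 rx.toast.success("Thanks for signing up to the Newsletter!")
 ]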
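Review bot: The quote-only escaping on the new line 104 is not a complete JS string-literal encoding: a trailing backslash in `email` neutralises the closing `'`, and raw newline or U+2028/U+2029 characters end the literal, so a crafted value can still inject into the script if nothing upstream rejects such input (the validation before this return, if any, is outside the hunk). A JSON-encoded literal closes all of these cases at once; the line becomes `rx.call_script(f"try {{ signals.identify({json.dumps(email)}); }} catch(e) {{ console.warn('Signals identify failed:', e); }}"),` with `json` imported at the top of the file. That also avoids the nested double quotes and the backslash inside the f-string expression, which only parse on Python 3.12+ (PEP 701). The `signup` function begins before this hunk.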

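--- a/pcweb/telemetry/pixels_signals.py
+++ b/pcweb/telemetry/pixels_signals.py
@@ -11,7 +11,7 @@
 script.async = true;
 window.signals = Object.assign(
 [],
-['page', 'identify', 'form'].reduce(function (acc, method){
+['page', 'identify', 'form', 'track'].reduce(function (acc, method){
 acc[method] = function () {
 signals.push([method, arguments]);
 return signals;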
