Conversation

@jontyms (Member) commented Jul 28, 2024

No description provided.

<h2>{{reason}}</h2>

<a class="btn" href="/"><i class="fa-solid fa-house"></i> Go Home</a>
<a class="btn" href="{{return_url}}"

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: javascript.express.security.audit.xss.mustache.var-in-href.var-in-href

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. If using a relative URL, start with a literal forward slash and concatenate the URL, like this: href='/{{link}}'. You may also consider setting the Content Security Policy (CSP) header.
<h2>{{reason}}</h2>

<a class="btn" href="/"><i class="fa-solid fa-house"></i> Go Home</a>
<a class="btn" href="{{return_url}}"

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: python.django.security.audit.xss.template-href-var.template-href-var

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use the 'url' template tag to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.
<h2>{{reason}}</h2>

<a class="btn" href="/"><i class="fa-solid fa-house"></i> Go Home</a>
<a class="btn" href="{{return_url}}"

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: python.flask.security.xss.audit.template-href-var.template-href-var

Detected a template variable used in an anchor tag with the 'href' attribute. This allows a malicious actor to input the 'javascript:' URI and is subject to cross-site scripting (XSS) attacks. Use 'url_for()' to safely generate a URL. You may also consider setting the Content Security Policy (CSP) header.
</details>
</div>
</div>
<script src="https://hcaptcha.com/1/api.js" async defer></script>

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: html.security.audit.missing-integrity.missing-integrity

This tag is missing an 'integrity' subresource integrity attribute. The 'integrity' attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify the externally hosted resource, this could lead to XSS and other types of attacks. To prevent this, include the base64-encoded cryptographic hash of the resource (file) you’re telling the browser to fetch in the 'integrity' attribute for all externally hosted files.
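Added example, not code from this PR or its project: a server-side check for the `return_url` value the href findings above flag, which only lets a same-site path through to the template, plus the helper that produces the 'integrity' value the last finding asks for. `safe_return_url`, `render_go_back` and `sri_hash` are hypothetical names, and the anchor markup is constructed to mirror the flagged one.

```python
import base64
import hashlib
import html

# Characters the WHATWG URL parser strips from the ends of an input (C0 controls and space).
_EDGE_JUNK = "".join(chr(c) for c in range(0x21))


def safe_return_url(value, default="/"):
    """Return `value` only if it is a path on this site; otherwise return `default`.

    Browsers treat a string that starts with a single "/" as a path on the current
    origin, so that shape can carry neither a scheme ("javascript:", "data:", ...)
    nor a foreign host ("//evil.example", "/\\evil.example"). Everything else is
    replaced by `default`, which also closes the open-redirect case.
    """
    if not value:
        return default
    # Normalise the way the URL parser would before it sees the string: trim C0/space
    # at both ends and drop every ASCII tab/newline, so "java\tscript:" and "/\t/host"
    # cannot sneak past a naive prefix check.
    cleaned = value.strip(_EDGE_JUNK)
    for junk in ("\t", "\n", "\r"):
        cleaned = cleaned.replace(junk, "")
    if not cleaned or cleaned[0] != "/":
        return default
    if len(cleaned) > 1 and cleaned[1] in "/\\":
        return default
    return cleaned


def render_go_back(return_url):
    """Hypothetical rendering of the flagged anchor: validate, then HTML-escape."""
    href = html.escape(safe_return_url(return_url), quote=True)
    return '<a class="btn" href="%s">Go Back</a>' % href


def sri_hash(content, algo="sha384"):
    """Build the 'integrity' attribute value for the exact bytes the browser will fetch."""
    digest = hashlib.new(algo, content).digest()
    return "%s-%s" % (algo, base64.b64encode(digest).decode("ascii"))


if __name__ == "__main__":
    # Constructed inputs: values a return_url parameter might carry.
    for candidate in ("javascript:alert(1)", "//evil.example/", "/profile?tab=keys"):
        print(repr(candidate), "->", render_go_back(candidate))
    print(sri_hash(b"console.log('constructed script body')"))
```

Pin the `integrity` value to the script bytes you actually reviewed; when the CDN ships a new version the hash must be regenerated, and the browser refuses the file until it is.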