Fix code scanning alert no. 9: Stored cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Frances Coronel <[email protected]>
Latina-Dev · Dec 1, 2024 · 3cc4210 · 3cc4210
1 parent 25ad7c5
commit 3cc4210
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/components/MemberCard/MemberCard.tsx b/components/MemberCard/MemberCard.tsx
@@ -1,5 +1,6 @@
 import Image from "next/image";
 import Link from "next/link";
+import escapeHtml from "escape-html";
 
 import CountryFlags from "@/components/CountryFlags/CountryFlags";
 import SocialLinks from "@/components/SocialLinks/SocialLinks";
@@ -12,10 +13,11 @@ interface MemberProps {
 
 const MemberCard = (props: MemberProps) => {
   const { name, slug, level, countries } = props.member;
+  const sanitizedPath = escapeHtml(props.member.path);
 
   return (
     <div className={"text-center"}>
-      <Link href={props.member.path} aria-label={name} className="block">
+      <Link href={sanitizedPath} aria-label={name} className="block">
         {/* Image */}
         <Image
           src={`/img/members/${slug}.jpg`}

diff --git a/package.json b/package.json
@@ -32,7 +32,8 @@
     "remark-parse": "10.0.1",
     "swr": "^2.1.5",
     "typescript": "5.5.4",
-    "unified": "10.1.2"
+    "unified": "10.1.2",
+    "escape-html": "^1.0.3"
   },
   "devDependencies": {
     "@chromatic-com/storybook": "1.6.1",