860 sanitise news link #862

Merged: ignatiusm merged 4 commits into dev from 860-sanitise-newsLink on Jun 15, 2026

ignatiusm commented Jun 12, 2026

This PR resolves #860 by:

  • refactoring URL regex to be more DRY
  • Adding backend tests to ensure unvalidated Org Settings URL data isn't stored in DB (tcLink and newsLink)
  • Adding function in Settings controller that uses sanitizeUrl library and urlRegex to sanitise and validate input data before saving to db

Tested using yarn workspace backend console, yarn workspace backend test settings and using Swagger. Note: this cannot be tested via the Admin Portal, as the UI has validation applied.

CSP headers will be best applied via nginx, so they are not part of this PR.

ignatiusm requested a review from plouka13 June 12, 2026 05:50
ignatiusm changed the base branch from main to dev June 12, 2026 05:51
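
A sketch of the kind of server-side check the PR description refers to, added here as an illustration and not taken from this PR's code. It uses Node's built-in URL parser in place of the sanitizeUrl library and the project's urlRegex, neither of which is shown on this page; the function names and the specific rules are assumptions, and only the field names tcLink and newsLink come from the description.

```javascript
// Added example: field names come from the PR description; the function
// names and the validation rules below are assumptions for illustration.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);
const LINK_FIELDS = ['tcLink', 'newsLink'];

// Returns a normalised URL string, or null if the value must not be stored.
function sanitiseLink(raw) {
  if (typeof raw !== 'string') return null;
  // Reject control characters outright: URL parsers silently drop tabs and
  // newlines, so "java\tscript:" would otherwise be read as "javascript:".
  if (/[\u0000-\u001f\u007f]/.test(raw)) return null;
  const trimmed = raw.trim();
  if (trimmed === '' || trimmed.length > 2048) return null;
  let url;
  try {
    url = new URL(trimmed); // throws on relative or malformed input
  } catch {
    return null;
  }
  // The parser lower-cases the scheme, so "JaVaScRiPt:" is caught here too.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  if (url.username || url.password) return null; // no embedded credentials
  return url.href;
}

// Validate every link field in a settings payload before it reaches the DB.
// Fields that fail are dropped from `clean` and reported in `errors`, so the
// controller can reject the request regardless of what the UI validated.
function sanitiseSettings(payload) {
  const clean = { ...payload };
  const errors = [];
  for (const field of LINK_FIELDS) {
    if (!(field in payload)) continue;
    const value = sanitiseLink(payload[field]);
    if (value === null) {
      errors.push(field);
      delete clean[field];
    } else {
      clean[field] = value;
    }
  }
  return { clean, errors };
}
```

Because the check runs in the controller, it applies to requests sent straight to the API (for example via Swagger), which bypass the Admin Portal's form validation.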

plouka13 left a comment

This looks great @ignatiusm. Tested - works as expected ✅

ignatiusm merged commit 40271af into dev Jun 15, 2026
6 checks passed
ignatiusm deleted the 860-sanitise-newsLink branch June 15, 2026 04:02