Create JavaScript file #12

moulongzhang · 2025-01-23T10:17:27Z

This pull request includes several changes to improve the project structure, update dependencies, and enhance the functionality of the application. The most important changes include updating external libraries, separating DOM manipulation logic into a new file, and adding ESLint configuration.

github-advanced-security · 2025-01-23T11:11:44Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

logic.js

…gzhang.github.io into feature/separate_DOM

logic.js

+    var now = moment().format('MMMM Do YYYY, h:mm:ss a');
+    $('#demo').text('Current time: ' + now);
+    $('#greetButton').on('click', greetUser);
+    $('#savePasswordButton').on('click', function() {


logic.js

+
+export function greetUser () {
+    var name = document.getElementById('userInput').value;
+    if (name == "") {


To fix the problem, we need to replace the == operator with the === operator on line 19. This ensures that the comparison checks both the value and the type, preventing any unintended type coercion.

Locate the comparison on line 19 in the greetUser function.

Replace == with ===.

No additional methods, imports, or definitions are needed to implement this change.

index.html

-    <script src="https://code.jquery.com/jquery-3.5.0.min.js"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.15/lodash.min.js"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.24.0/moment.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js"></script>


index.html

-    <script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.15/lodash.min.js"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.24.0/moment.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.21/lodash.min.js"></script>


index.html

-    <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.24.0/moment.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.21/lodash.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>


index.html

+    <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.21/lodash.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/axios/1.6.2/axios.min.js"></script>


logic.js

+    });
+});
+
+export function greetUser () {


To fix this issue, we need to ensure that the user input is properly escaped before being inserted into the DOM. Instead of using innerHTML, we should use textContent to avoid interpreting the input as HTML. This will ensure that any HTML characters in the user input are treated as text and not as HTML.

Replace the use of innerHTML with textContent for setting the greeting message.

This change should be made on line 22 of the provided code.

logic.js

+    if (name == "") {
+        name = "guest";
+    }
+    document.getElementById('greeting').innerHTML = 'Hello, ' + name + '!';


To fix the problem, we need to ensure that the password is encrypted before being stored in localStorage. We can use the Node.js crypto module to encrypt the password. This will involve creating an encryption function and using it to encrypt the password before storing it. Additionally, we should avoid displaying the password in clear text in the DOM.

logic.js

+    $('#demo').text('Username: ' + username + ', Password: ' + password);
+}
+
+export function processData (data){


moulongzhang and others added 7 commits January 23, 2025 17:46

Separate javascript file

e69f216

Add few vulnerabilities

2a84d9b

Modify codeQL

d6e2449

Add eslint

227873b

Merge branch 'master' into feature/separate_DOM

da61828

Update eslint.yml

4293496

Update eslint.yml

94cc7ab

github-advanced-security bot found potential problems Jan 23, 2025

View reviewed changes

logic.js Fixed Show fixed Hide fixed

logic.js Fixed Show fixed Hide fixed

moulongzhang added 2 commits January 23, 2025 20:18

Add few linter errors

340cba0

Merge branch 'feature/separate_DOM' of github.com:moulongzhang/moulon…

72e30ad

…gzhang.github.io into feature/separate_DOM

github-advanced-security bot found potential problems Jan 23, 2025

View reviewed changes

logic.js Fixed Show fixed Hide fixed

logic.js Fixed Show fixed Hide fixed

logic.js Fixed Show fixed Hide fixed

moulongzhang added 6 commits January 23, 2025 20:25

Remove unsupported error

673b364

Modify workflow

00ffc82

Rollback moment version

1c372d8

Add codeql files to gitignore

185e8ef

Merge branch 'master' into feature/separate_DOM

65410f1

Adding access to Clear text storage of sensitive information

0b9a9ef

github-advanced-security bot found potential problems Jan 24, 2025

View reviewed changes

moulongzhang added 2 commits January 24, 2025 14:40

Modify title

47fb856

Modify text message

a61337b

github-advanced-security bot found potential problems Jan 24, 2025

View reviewed changes

@@ -4,2 +4,3 @@
             const axios = window.axios;
+            const crypto = window.crypto || require('crypto');
@@ -26,4 +27,5 @@
                 if (_.isEmpty(username) || _.isEmpty(password)) return;
-                localStorage.setItem(username, password);
-                $('#demo').text('Username: ' + username + ', Password: ' + password);
+                const encryptedPassword = encrypt(password);
+                localStorage.setItem(username, encryptedPassword);
+                $('#demo').text('Username: ' + username + ', Password: [encrypted]');
             }
@@ -33,2 +35,7 @@
             }
+            function encrypt(text) {
+                const cipher = crypto.createCipher('aes-256-ctr', 'password');
+                return cipher.update(text, 'utf8', 'hex') + cipher.final('hex');
+            }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create JavaScript file #12

Create JavaScript file #12

moulongzhang commented Jan 23, 2025

github-advanced-security bot commented Jan 23, 2025

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

@@ -21,3 +21,3 @@
                 }
-                document.getElementById('greeting').innerHTML = 'Hello, ' + name + '!';
+                document.getElementById('greeting').textContent = 'Hello, ' + name + '!';
             }

Create JavaScript file #12

Are you sure you want to change the base?

Create JavaScript file #12

Conversation

moulongzhang commented Jan 23, 2025

github-advanced-security bot commented Jan 23, 2025