No clue what label to use nor whether this is the best place to discuss.
We have a recent code scanning alert at https://github.com/kolmafia/kolmafia/security/code-scanning
The scanner wants to blame a PR that did not touch the file that is now flagged.
The issue is https://github.com/kolmafia/kolmafia/security/code-scanning/117 which can lead to a cross-site scripting vulnerability.
I think a fix could be simple but I am not especially fluent with JavaScript so I am not offering to make it. It may also be that the vulnerability cannot be exploited in mafia's environment.
Does someone want to fix it or disable this warning?
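For readers unfamiliar with what a JavaScript "cross-site scripting" code scanning alert usually points at, here is an added illustration of the general pattern. It is not code from kolmafia, it does not reproduce the flagged file (the alert's contents are not quoted above), and the sink, element stand-in, and sample payload are all assumptions made for the demonstration.

```javascript
// Added illustration of the DOM-based XSS pattern behind typical JavaScript
// code scanning alerts. Not kolmafia's code; assumes nothing about alert #117.
// The point: a string that reaches a markup sink (innerHTML here, assumed)
// is parsed as HTML, so attacker-controlled input can inject active content.

// Constructed sample input: a classic payload that needs no <script> tag.
const untrusted = '<img src=x onerror="alert(document.cookie)">';

// Vulnerable pattern: untrusted text concatenated into markup.
function renderUnsafe(container, name) {
  container.innerHTML = '<b>Hello, ' + name + '</b>';
}

// Fix 1: escape the five HTML-significant characters before building markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}
function renderSafe(container, name) {
  container.innerHTML = '<b>Hello, ' + escapeHtml(name) + '</b>';
}

// Fix 2: use a text sink; textContent is never parsed as HTML.
function renderAsText(container, name) {
  container.textContent = 'Hello, ' + name;
}

// Minimal stand-in for a DOM element (constructed) so this runs under Node
// without a browser; in a real page these would be document.getElementById(...).
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Usage: compare what each sink receives for the same untrusted string.
const unsafeEl = fakeElement();
renderUnsafe(unsafeEl, untrusted);   // innerHTML now contains a live <img onerror=...>
const safeEl = fakeElement();
renderSafe(safeEl, untrusted);       // innerHTML contains &lt;img ...&gt; as inert text
```

Whether the flagged code is exploitable in mafia's environment depends on where the string actually comes from (server response, user-controlled preference, local file), which is exactly what the scanner cannot decide on its own; the scanner's "blamed" PR is just the commit it chose as the alert's introduction point and does not have to be the one that touched the file.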