mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 20:31:30 +00:00
shankar0123
1fc3e688a6
CI run #295 surfaced an L-019 guard regression: my Pass 3 XSS-hardening test docstrings cite 'dangerouslySetInnerHTML' by name to explain what the test is guarding against (e.g., 'a careless refactor to dangerouslySetInnerHTML would let an attacker-controlled CSR deliver an XSS payload'). The grep guard caught the literal string in the comments. The guards exist to prevent PRODUCTION code from regressing. Tests describing the threat by name aren't using it. Fix all three text-pattern guards to exclude *.test.{ts,tsx} files via grep -vE pattern; the test code itself can't sneak past, only docstrings + fixture data. Guards updated: - L-015 target=_blank rel=noopener (defensive — currently no test references but symmetric with L-019) - L-019 dangerouslySetInnerHTML — fixes the active CI break - M-009 hard-zero useMutation — symmetric defensive update Verification: python3 yaml.safe_load YAML OK L-019 grep -vE simulation PASS (test docstrings excluded) L-015 grep -vE simulation PASS (no offenders) M-009 grep -vE simulation PASS (still 0 bare useMutation)