TP-2563-fix-healthie-long-text-form-field #2

Merged
merged 1 commit into from
Oct 15, 2024

@sharlotta93 sharlotta93 commented Oct 15, 2024

User description

Healthie is expecting HTML-encoded multiline text when sending a textarea form answer


PR Type

Bug fix, Documentation


Description

  • Fixed the format of long text answers to use plain HTML instead of Unicode-escaped HTML.
  • Updated test cases to reflect the change in long text answer format.
  • Added documentation to clarify the expected HTML format for Healthie integration.
  • Updated package version to 0.1.17.

Changes walkthrough 📝

Relevant files

Tests
awellFormResponseToHealthieFormAnswers.test.ts (+1/-1)
Update test case for long text answer format

src/lib/utils/healthie/awellFormResponseToHealthieFormAnswers/awellFormResponseToHealthieFormAnswers.test.ts

  • Updated test case to use HTML instead of Unicode-escaped HTML.

Bug fix
awellFormResponseToHealthieFormAnswers.ts (+2/-2)
Fix long text answer format to plain HTML

src/lib/utils/healthie/awellFormResponseToHealthieFormAnswers/awellFormResponseToHealthieFormAnswers.ts

  • Changed the return value from Unicode-escaped HTML to plain HTML for long text answers.

Documentation
getLongTextAnswer.ts (+3/-0)
Document expected HTML format for Healthie integration

src/lib/utils/healthie/awellFormResponseToHealthieFormAnswers/utils/getLongTextAnswer/getLongTextAnswer.ts

  • Added clarification on the expected HTML format for Healthie.

Configuration changes
package.json (+1/-1)
Update package version to 0.1.17

package.json

  • Bumped package version from 0.1.16 to 0.1.17.

@github-actions github-actions bot added the documentation (Improvements or additions to documentation), Bug fix and Review effort [1-5]: 2 labels on Oct 15, 2024

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 PR contains tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Documentation Mismatch
The function documentation mentions transforming text into Unicode escape sequences, which contradicts the new implementation that expects plain HTML. This could lead to confusion about the function's purpose and output.

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: Security
Suggestion: Improve security by sanitizing HTML content to prevent XSS vulnerabilities

Ensure that the getLongTextAnswer function properly handles and escapes any user input to prevent Cross-Site Scripting (XSS) vulnerabilities when rendering HTML content.

src/lib/utils/healthie/awellFormResponseToHealthieFormAnswers/awellFormResponseToHealthieFormAnswers.ts [40-41]

     const { html } = getLongTextAnswer(questionResponse.value)
    -return html
    +return sanitizeHtml(html)
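
Review bot: `sanitizeHtml` on the added `return sanitizeHtml(html)` line is not defined or imported anywhere in the lines shown, so the suggestion cannot be applied as written; name the package or helper and add the import. It also needs a stated allowlist: the PR description says Healthie expects HTML for multiline text, so a sanitizer that strips the tags `getLongTextAnswer` emits would undo this fix. The suggestion text asks to "escape" user input while the code sanitizes the finished HTML; escaping the respondent's text before it is wrapped in markup and sanitizing the final string are different controls, so the comment should say which one is meant and add a test with markup in `questionResponse.value`.
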
Suggestion importance [1-10]: 9

Why: The suggestion addresses a critical security concern by proposing to sanitize HTML content, which is essential to prevent XSS vulnerabilities. This is a significant improvement to ensure the safety of rendering user input as HTML.

Score: 9

@sharlotta93 sharlotta93 merged commit 4c078b2 into main Oct 15, 2024
2 checks passed
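
The description and the XSS suggestion above both turn on how a long text answer becomes HTML. As an added example (not the project's code), the block below builds plain HTML from a multiline answer by entity-escaping each line before wrapping it, and shows a Unicode-escaped form for contrast. The function names, the one-`<p>`-per-line layout and the `\u003C`-style escape shape are assumptions; the page does not show the implementation of `getLongTextAnswer` or the exact markup Healthie expects.

```typescript
// Added example: hypothetical helpers, not taken from the repository.

const ENTITIES: Record<string, string> = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
}

// Entity-escape text typed by the respondent so it cannot introduce markup.
function escapeText(text: string): string {
  return text.replace(/[&<>"']/g, (ch) => ENTITIES[ch])
}

// Plain HTML: one <p> per line (assumed layout); empty lines become <p><br></p>.
// Escaping happens per line, before the structural tags are added, so the
// only tags in the output are the ones this function emits.
function longTextToHtml(value: string): string {
  return value
    .split(/\r\n|\r|\n/)
    .map((line) => (line === '' ? '<p><br></p>' : `<p>${escapeText(line)}</p>`))
    .join('')
}

// Assumed "before" shape: the same markup with <, > and & written as \uXXXX.
// A consumer that expects HTML would display these escapes literally.
function toUnicodeEscapedHtml(html: string): string {
  return html.replace(/[<>&]/g, (ch) => {
    const hex = ch.charCodeAt(0).toString(16).toUpperCase()
    return '\\u' + ('0000' + hex).slice(-4)
  })
}

// Constructed sample answer: two lines of text, a blank line, and typed markup.
const sampleAnswer = 'Allergic to penicillin\n\n<script>alert(1)</script> & "notes"'

const plainHtml = longTextToHtml(sampleAnswer)
console.log(plainHtml)
console.log(toUnicodeEscapedHtml(plainHtml))
```
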