Potential fix for
[https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/11](https://github.com/Stirling-Tools/Stirling-PDF/security/code-scanning/11)
To fix the issue, we should avoid using `innerHTML` to insert untrusted
data into the DOM. Instead, we can use DOM manipulation methods like
`createElement` and `appendChild` to construct the required HTML
structure safely. These methods do not interpret strings as HTML,
thereby mitigating the risk of XSS.
Specifically:
1. Replace the `innerHTML` assignment on line 302 with code that creates
the required DOM elements programmatically.
2. Ensure that the `selectedOperation` value is inserted as plain text
using `textContent` or equivalent methods.
---
_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
# Description of Changes
Previously, the dropdown menu in the pipeline configuration displayed
all endpoints, including disabled ones, and allowed API calls to them.
Changes:
- Updated EndpointInterceptor to correctly parse request URIs and match
them to corresponding endpoint names in settings.yml, ensuring disabled
endpoints are blocked.
- Added a new API endpoint in SettingsController to expose the
endpointStatus map, allowing the frontend to check which endpoints are
disabled.
- Updated pipeline.js to use this new API and hide disabled endpoints
from the dropdown menu.
Tests:
- Created a new Docker Compose setup using a custom settings.yml where
all endpoints are disabled.
- Implemented a test script to run this setup, send API requests to
disabled endpoints, and verify they are correctly blocked.
[Bug Fix Video](https://youtu.be/L1z3jZh8z8E)
Closes#2881
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [x] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing)
for more details.
---------
Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
