branch with oregon branding #4926
base: trunk
*/ | ||
(function(){function z(a){return a&&a.domId&&a.getInputElement().$?a.getInputElement():a&&a.$?a:!1}function I(a){if(!a)throw"Languages-by-groups list are required for construct selectbox";var c=[],e="",d;for(d in a)for(var f in a[d]){var h=a[d][f];"en_US"==h?e=h:c.push(h)}c.sort();e&&c.unshift(e);return{getCurrentLangGroup:function(c){a:{for(var d in a)for(var e in a[d])if(e.toUpperCase()===c.toUpperCase()){c=d;break a}c=""}return c},setLangList:function(){var c={},d;for(d in a)for(var e in a[d])c[a[d][e]]= | ||
e;return c}()}}var g=function(){var a=function(a,b,d){d=d||{};var f=d.expires;if("number"==typeof f&&f){var h=new Date;h.setTime(h.getTime()+1E3*f);f=d.expires=h}f&&f.toUTCString&&(d.expires=f.toUTCString());b=encodeURIComponent(b);a=a+"\x3d"+b;for(var k in d)b=d[k],a+="; "+k,!0!==b&&(a+="\x3d"+b);document.cookie=a};return{postMessage:{init:function(a){window.addEventListener?window.addEventListener("message",a,!1):window.attachEvent("onmessage",a)},send:function(a){var b=Object.prototype.toString, | ||
d=a.fn||null,f=a.id||"",h=a.target||window,k=a.message||{id:f};a.message&&"[object Object]"==b.call(a.message)&&(a.message.id?a.message.id:a.message.id=f,k=a.message);a=window.JSON.stringify(k,d);h.postMessage(a,"*")},unbindHandler:function(a){window.removeEventListener?window.removeEventListener("message",a,!1):window.detachEvent("onmessage",a)}},hash:{create:function(){},parse:function(){}},cookie:{set:a,get:function(a){return(a=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, |
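Review bot: the send helper ends in h.postMessage(a,"*"), so the serialized message built by window.JSON.stringify(k,d) is delivered to whatever document currently occupies the target window h, including a different site if that window has since navigated; this is what the CodeQL "Cross-window communication with unrestricted target origin" warning flags. Replace the "*" with the origin the peer is expected to have (for example an a.origin option supplied next to a.target, defaulting to window.location.origin when the target is same-site), and have the handler registered through postMessage.init compare event.origin against the same allow-list before acting on the parsed message. If this file is a minified vendor bundle that is only being copied in with the branding change, say so in the PR so the alert is tracked against the upstream version instead of being patched in place.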
Check warning: Code scanning / CodeQL: Cross-window communication with unrestricted target origin (Medium). Data flow label: Sensitive data.
|
||
validates :email, :email => true, :allow_blank => false | ||
|
||
validates_format_of :email, :with => /\A[^@\s]+@([^@\s]+\.)+[^@\s]+\z/, message: "%{value} is not valid" |
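Review bot: the pattern /\A[^@\s]+@([^@\s]+\.)+[^@\s]+\z/ in validates_format_of is ambiguous because [^@\s] also matches a dot, so a domain part such as a.a.a.a can be split between the repeated group ([^@\s]+\.)+ and the trailing [^@\s]+ in many different ways, and on an input that ultimately fails to match the engine backtracks through all of them; that is the CodeQL "Inefficient regular expression" failure. The line above already declares validates :email, :email => true, so the second format check looks redundant and can simply be dropped. If an explicit regex is wanted, use Ruby's URI::MailTo::EMAIL_REGEXP, or an unambiguous form that keeps the dot out of the repeated class, e.g. /\A[^@\s]+@[^@\s.]+(\.[^@\s.]+)+\z/, so each label is delimited by exactly one dot and there is only one way to match.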
Check failure: Code scanning / CodeQL: Inefficient regular expression (High).
before_action :set_cache_headers, only: [:show] | ||
before_action :enable_bs4_layout, only: [:show, :messages, :inbox, :family_index] if EnrollRegistry.feature_enabled?(:bs4_assister_flow) | ||
|
||
skip_before_action :verify_authenticity_token, only: :create |
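Review bot: skip_before_action :verify_authenticity_token, only: :create turns off Rails' CSRF check for the create action, so any page a signed-in user visits can submit a forged POST to it with the user's session cookie; this is the CodeQL "CSRF protection weakened or disabled" failure. If create is reached from a browser form, remove the line and let the form helper emit the token. If it is reached by a client that cannot carry the token (a webhook or a JSON API call), the usual Rails pattern is protect_from_forgery with: :null_session scoped to that action, or token authentication in a dedicated controller, and the reason belongs in a comment next to the line. Separately, the trailing "if EnrollRegistry.feature_enabled?(:bs4_assister_flow)" on the before_action line above is evaluated once when the class loads, so flipping the flag at runtime will not add or remove the callback; if the flag is meant to be toggled without a restart, use the callback's own if: option with a lambda instead.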
Check failure: Code scanning / CodeQL: CSRF protection weakened or disabled (High).
Copilot Autofix AI 5 days ago
To fix the CSRF vulnerability, we need to ensure that CSRF protection is enabled for the create action. This can be done by removing the skip_before_action :verify_authenticity_token, only: :create line. This change will re-enable the default CSRF protection provided by Rails for the create action, ensuring that all requests to this action include a valid CSRF token.
@@ -20,3 +20,2 @@ | ||
|
||
skip_before_action :verify_authenticity_token, only: :create | ||
|
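Review bot: the suggested hunk deletes the skip line with no accompanying test, so there is nothing in the PR that proves the create action now rejects a tokenless request or that the existing callers still work. Before accepting it, add a request spec that posts to create without an authenticity token and expects ActionController::InvalidAuthenticityToken (or a 422 with forgery protection set to :exception), and run the specs that exercise the normal form submission; if any non-browser client hits create, that client will start failing after merge and the change should be a scoped null_session policy rather than a plain removal.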
@alph_labels = @page_alphabets.map{|alph| [alph.first, alph.last].join("–")} if EnrollRegistry.feature_enabled?(:bs4_consumer_flow) | ||
page_no = cur_page_no(@page_alphabets.first) | ||
@staff = if @q.nil? | ||
@staff.where(last_name: /^#{page_no}/i) |
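Review bot: @staff.where(last_name: /^#{page_no}/i) interpolates page_no, which CodeQL traces back to a user-provided value through cur_page_no(@page_alphabets.first), directly into a regular expression, so metacharacters in that value such as ".", "*", "(" or "|" change what the query matches instead of being matched literally, and a crafted value can make the match expensive; this is the "Regular expression injection" failure. Escape it before interpolating, i.e. /^#{Regexp.escape(page_no)}/i, and since the surrounding code treats page_no as a single letter of an alphabet index, also validate that it is exactly one alphabetic character before it reaches the query. The same guard is needed anywhere else the alphabet pagination builds a regex from the page parameter.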
Check failure: Code scanning / CodeQL: Regular expression injection (High). Source: user-provided value.
…nto oregon_branded
…nto oregon_branded
…nto oregon_branded
…nto oregon_branded
* add oregon seedfile * change sep title
* add new oregon carrier to seedfile * update carrier plan offer values
…nto oregon_branded
PR Checklist
Please check if your PR fulfills the following requirements:
let
helpers and before
blocks. .html_safe.
PR Type
What kind of change does this PR introduce?:
What is the ticket # detailing the issue?
Ticket:
A brief description of the changes:
Current behavior:
New behavior:
Feature Flag
For all new feature development, a feature flag is required to control the exposure of the feature to our end users. A feature flag needs a corresponding environment variable to initialize the state of the flag. Please share the name of the environment variable below that would enable/disable the feature and indicate which client(s) it applies to.
Variable name:
Additional Context
Include any additional context that may be relevant to the peer review process.