- Issue created by @ankitv18
In _acquia_optimize_footer method: https://git.drupalcode.org/project/acquia_optimize/-/blob/1.x/acquia_opt...
There is scope for potential XSS here, which we can avoid.
Convert the string to a render array.
Something like this:
// Url must be imported at the top of the file for Url::fromUri().
use Drupal\Core\Url;

// Replace HTML string construction with render array
$footer = [
  '#type' => 'container',
  '#attributes' => ['class' => ['optimize-footer']],
  'info' => [
    '#type' => 'html_tag',
    '#tag' => 'p',
    '#attributes' => ['class' => ['scan-info']],
    // html_tag takes its content from '#value'; '#markup' is overwritten when the tag is rendered.
    '#value' => t('Results are not synchronized to your Acquia Optimize account. To learn more visit'),
  ],
  'link' => [
    '#type' => 'link',
    '#title' => t('Acquia Docs.'),
    '#url' => Url::fromUri('https://docs.acquia.com/acquia-optimize/how-do-scan/quick-scan#section-faq'),
    '#attributes' => ['target' => '_blank'],
  ],
  'account_button' => [
    '#type' => 'link',
    '#title' => t('Go to your Optimize account'),
    '#url' => Url::fromUri('https://new.monsido.com'),
    '#attributes' => [
      'target' => '_blank',
      'class' => ['optimize-account-button'],
    ],
  ],
];
// Use the render array instead of the HTML string
$form['footer'] = $footer;
Active
1.1
Code