Skip to content

Commit

Permalink
chore: fix code scanning alerts (DevExpress#26483)
Browse files Browse the repository at this point in the history
  • Loading branch information
VasilyStrelyaev authored Jan 25, 2024
1 parent 4d36413 commit 9ad620a
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 2 deletions.
6 changes: 6 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ jobs:
with:
ref: ${{ matrix.branch }}

- name: Get head SHA
id: get-head-sha
run: echo "SHA=$(git rev-parse origin/${{ matrix.branch }})" >> "$GITHUB_OUTPUT"

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
Expand All @@ -42,6 +46,8 @@ jobs:
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
ref: refs/heads/${{ matrix.branch }}
sha: ${{ steps.get-head-sha.outputs.SHA }}

fetch:
runs-on: devextreme-shr2
Expand Down
2 changes: 1 addition & 1 deletion packages/devextreme/js/core/utils/string.js
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ export function format(template, ...values) {

export const replaceAll = (function() {
const quote = function(str) {
return (str + '').replace(/([+*?.[^\]$(){}><|=!:])/g, '\\$1'); // lgtm[js/incomplete-sanitization]
return (str + '').replace(/([\\+*?.[^\]$(){}><|=!:])/g, '\\$1');
};

return function(text, searchToken, replacementToken) {
Expand Down
2 changes: 1 addition & 1 deletion packages/devextreme/js/localization/ldml/number.js
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,7 @@ function getFormatByValueText(valueText, formatter, isPercent, isNegative) {
format = format.replace(/1+/, '1').replace(/1/g, '#');

if(!isPercent) {
format = format.replace('%', '\'%\''); // lgtm[js/incomplete-sanitization]
format = format.replace(/%/g, '\'%\'');
}

return format;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ QUnit.test('replace all case insensitive', function(assert) {
assert.strictEqual(stringUtils.replaceAll('test sentence', 'test', '<b>$1</b>'), '<b>test</b> sentence', 'replacement token $1');
assert.strictEqual(stringUtils.replaceAll('Test sentence', 'test', '<b>$1</b>'), '<b>Test</b> sentence', 'Replacement for different case');
assert.strictEqual(stringUtils.replaceAll('Test sentence test', 'test', '<b>$1</b>'), '<b>Test</b> sentence <b>test</b>', 'Multiple replacements');
assert.strictEqual(stringUtils.replaceAll('test sentence', 'test', '\\$1\\'), '\\test\\ sentence', 'backslash escaped correctly');
});

QUnit.test('stringFormat', function(assert) {
Expand Down

0 comments on commit 9ad620a

Please sign in to comment.