Whitelisting internal links to load templates via ajax

dhilip.kumaran · September 21, 2022, 6:31am

Our app got rejected in review process done by “Coverity”. From the report we could see that its due to loading the internal template file via ajax

Sample code:

$.ajax({
url: './template-body.hbs',
type: 'GET'
}).then((results)=>{
var template = Handlebars.compile(results);
$('#widget-article-content').html(template(_data));
});

These template files will locate inside the “templates” folder of our package.

We are whitelisting our API URL for data fetch but we would like to know how can we whitelist internal URL “./.hbs”

Note: Previously our app got approved with the same changes but now due to the “Coverity” this issue we are facing.

kaustavdm · October 13, 2022, 9:37am

Whitelist is only possible for hosts, not for a file path. One way to reimplement this would be to pass the template’s content as a string.

system · October 19, 2022, 3:37pm

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.