Huurtoeslag #31

anneschuth · 2025-02-24T13:45:51Z

No description provided.

for more information, see https://pre-commit.ci

- Added scenario for person under 18 years old (not eligible) - Added scenario for single person with low income and higher rent - Added scenario for person with income too high (over €44,000) - Fixed up YAML file with correct service costs calculation - Updated template display for required fields 🤖 Generated with Claude Code Co-Authored-By: Claude <[email protected]>

for more information, see https://pre-commit.ci

web/templates/admin/dashboard.html

+                <div class="-mt-2 -mr-2">{{ org_logo(current_service) }}</div>
+                <div class="relative">
+                    <select class="appearance-none bg-white border rounded-md py-2 pl-4 pr-10 font-medium focus:outline-none focus:ring-2 focus:ring-blue-500"
+                            onchange="window.location.href = '/admin/' + this.value">


To fix the problem, we need to ensure that the value from the select element is properly encoded or sanitized before being used in the URL. One way to achieve this is by using JavaScript's encodeURIComponent function, which encodes a URI component by replacing each instance of certain characters by one, two, three, or four escape sequences representing the UTF-8 encoding of the character.

Modify the onchange event handler to use encodeURIComponent(this.value) instead of directly concatenating this.value.

This change ensures that any special characters in this.value are properly encoded, preventing potential XSS attacks.

web/templates/base.html

+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>Burger.nl</title>
+        <script src="https://cdnjs.cloudflare.com/ajax/libs/htmx/1.9.10/htmx.min.js"></script>


web/templates/base.html

+        <script defer
+                src="https://cdnjs.cloudflare.com/ajax/libs/alpinejs/3.13.3/cdn.min.js"></script>


web/templates/base.html

+                    <!-- User Switcher -->
+                    <div class="flex items-center space-x-4">
+                        <select class="bg-white text-gray-900 px-4 py-2 rounded w-96"
+                                onchange="window.location.href='/?bsn=' + this.value">


To fix the problem, we need to ensure that the value from the select element is properly encoded before being used in the URL. This can be achieved by using JavaScript's encodeURIComponent function, which encodes a URI component by replacing each instance of certain characters by one, two, three, or four escape sequences representing the UTF-8 encoding of the character.

The best way to fix the problem without changing existing functionality is to modify the onchange attribute to use encodeURIComponent(this.value) instead of this.value. This ensures that any special characters in the value are properly escaped, preventing potential XSS attacks.

for more information, see https://pre-commit.ci

The engine was trying to access operation["value"][0] but when operation["value"] is a dictionary instead of a list, this caused a KeyError. Now it checks if it's a list first. 🤖 Generated with Claude Code Co-Authored-By: Claude <[email protected]>

anneschuth and others added 7 commits February 24, 2025 13:54

wip huurtoeslag

4de19e6

update huurtoeslag

79fe4d8

update schema

23d329f

[pre-commit.ci] auto fixes from pre-commit.com hooks

af90f44

for more information, see https://pre-commit.ci

Update CLAUDE.md

1baffab

[pre-commit.ci] auto fixes from pre-commit.com hooks

166a7c9

for more information, see https://pre-commit.ci

github-advanced-security bot found potential problems Feb 24, 2025

View reviewed changes

anneschuth and others added 6 commits February 24, 2025 21:28

Voeg huurtoeslag UI templates toe en nieuwe test persoon Fatima

8792e7f

Geef huurtoeslag een eigen indigo kleur in de UI

ef71df4

[pre-commit.ci] auto fixes from pre-commit.com hooks

fd39ebe

for more information, see https://pre-commit.ci

Fix service validation issues by adding missing output fields

b6b1ce8

[pre-commit.ci] auto fixes from pre-commit.com hooks

833d152

for more information, see https://pre-commit.ci

anneschuth merged commit b4f4ac6 into main Feb 24, 2025
6 checks passed

anneschuth deleted the huurtoeslag branch February 24, 2025 21:01

@@ -11,3 +11,3 @@
                                 <select class="appearance-none bg-white border rounded-md py-2 pl-4 pr-10 font-medium focus:outline-none focus:ring-2 focus:ring-blue-500"
-                                        onchange="window.location.href = '/admin/' + this.value">
+                                        onchange="window.location.href = '/admin/' + encodeURIComponent(this.value)">
                                     {% for service_name in available_services %}

@@ -28,3 +28,3 @@
                                     <select class="bg-white text-gray-900 px-4 py-2 rounded w-96"
-                                            onchange="window.location.href='/?bsn=' + this.value">
+                                            onchange="window.location.href='/?bsn=' + encodeURIComponent(this.value)">
                                         {% for bsn_key, profile_data in all_profiles.items() %}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Huurtoeslag #31

Huurtoeslag #31

anneschuth commented Feb 24, 2025

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

		<script defer
		src="https://cdnjs.cloudflare.com/ajax/libs/alpinejs/3.13.3/cdn.min.js"></script>

Huurtoeslag #31

Huurtoeslag #31

Conversation

anneschuth commented Feb 24, 2025