fix(account): sanitize password in checkPassword method to prevent injection

mjabascal10 · mjabascal10 · commit 142e593f5b46 · 2025-10-31T09:15:04.000-05:00
Signed-off-by: Manuel Abascal &lt;mjabascal10@gmail.com&gt;
diff --git a/frontend/src/app/core/auth/account.service.ts b/frontend/src/app/core/auth/account.service.ts
@@ -25,7 +25,8 @@ export class AccountService {
   }
 
   checkPassword(password: string, uuid: string): Observable<HttpResponse<string>> {
-    return this.http.get(SERVER_API_URL + `api/check-credentials?password=${password}&checkUUID=${uuid}`, {
+    const sanitizedPassword = encodeURIComponent(password);
+    return this.http.get(SERVER_API_URL + `api/check-credentials?password=${sanitizedPassword}&checkUUID=${uuid}`, {
       observe: 'response',
       responseType: 'text'
     });

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,8 @@ export class AccountService {`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`checkPassword(password: string, uuid: string): Observable<HttpResponse<string>> {`
`28`		- return this.http.get(SERVER_API_URL + `api/check-credentials?password=${password}&checkUUID=${uuid}`, {
	`28`	`+ const sanitizedPassword = encodeURIComponent(password);`
	`29`	+ return this.http.get(SERVER_API_URL + `api/check-credentials?password=${sanitizedPassword}&checkUUID=${uuid}`, {
`29`	`30`	`observe: 'response',`
`30`	`31`	`responseType: 'text'`
`31`	`32`	`});`