From 7529422217f52821f9c162d4230dbe6c19a14237 Mon Sep 17 00:00:00 2001
From: Scarlett Truong
Date: Thu, 4 Jul 2024 11:12:08 -0700
Subject: [PATCH 1/4] chore: CE-864 move Feature flag to OpenShift
---
 frontend/openshift.deploy.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml
index 664f078c1..6e6608842 100644
--- a/frontend/openshift.deploy.yml
+++ b/frontend/openshift.deploy.yml
@@ -121,7 +121,10 @@ objects:
 - name: LOG_LEVEL
 value: ${LOG_LEVEL}
 - name: SHOW_EXPERIMENTAL_FEATURES
- value: ${SHOW_EXPERIMENTAL_FEATURES}
+ valueFrom:
+ secretKeyRef:
+ name: react-app
+ key: show-experimental-features
 - name: ENVIRONMENT_NAME
 value: ${ENVIRONMENT_NAME}
 ports:
From c491eb2b2a8c46e4158eef691348ae1641f45b3f Mon Sep 17 00:00:00 2001
From: Scarlett Truong
Date: Thu, 4 Jul 2024 11:14:23 -0700
Subject: [PATCH 2/4] revert change
---
 frontend/openshift.deploy.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml
index 6e6608842..664f078c1 100644
--- a/frontend/openshift.deploy.yml
+++ b/frontend/openshift.deploy.yml
@@ -121,10 +121,7 @@ objects:
 - name: LOG_LEVEL
 value: ${LOG_LEVEL}
 - name: SHOW_EXPERIMENTAL_FEATURES
- valueFrom:
- secretKeyRef:
- name: react-app
- key: show-experimental-features
+ value: ${SHOW_EXPERIMENTAL_FEATURES}
 - name: ENVIRONMENT_NAME
 value: ${ENVIRONMENT_NAME}
 ports:
From 383345976e95969e9e3bc77e44c184d7467c443c Mon Sep 17 00:00:00 2001
From: Mike <100624415+marqueone-ps@users.noreply.github.com>
Date: Thu, 4 Jul 2024 11:25:25 -0700
Subject: [PATCH 3/4] fix: CE-862: Fixed potential cross site scripting exploit (#497)
Co-authored-by: Mike Sears
---
 backend/package-lock.json | 1 +
 backend/package.json | 1 +
 backend/src/v1/document/document.controller.ts | 5 ++---
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/backend/package-lock.json b/backend/package-lock.json
index 0b2b2de9d..2e285bb7c 100644
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -33,6 +33,7 @@ "date-fns": "^3.6.0", "date-fns-tz": "^3.1.3", "dotenv": "^16.0.1", + "escape-html": "^1.0.3", "form-data": "^4.0.0", "geojson": "^0.5.0", "jest-mock": "^29.6.1",
diff --git a/backend/package.json b/backend/package.json
index b934ef0f9..5fa883561 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -64,6 +64,7 @@
 "date-fns": "^3.6.0",
 "date-fns-tz": "^3.1.3",
 "dotenv": "^16.0.1",
+ "escape-html": "^1.0.3",
 "form-data": "^4.0.0",
 "geojson": "^0.5.0",
 "jest-mock": "^29.6.1",
diff --git a/backend/src/v1/document/document.controller.ts b/backend/src/v1/document/document.controller.ts
index f87c51b95..9f26a7f50 100644
--- a/backend/src/v1/document/document.controller.ts
+++ b/backend/src/v1/document/document.controller.ts
@@ -8,6 +8,7 @@ import { Roles } from "../../auth/decorators/roles.decorator";
 import { Token } from "../../auth/decorators/token.decorator";
 import { COMPLAINT_TYPE } from "../../types/models/complaints/complaint-type";
 import { format } from "date-fns";
+ import { escape } from "escape-html";
 @UseGuards(JwtRoleGuard)
 @ApiTags("document")
@@ -27,8 +28,6 @@ export class DocumentController {
 @Res() res: Response,
 ): Promise {
 try {
- this.logger.debug("TIMEZONE: ", tz);
-
 const fileName = `Complaint-${id}-${type}-${format(new Date(), "yyyy-MM-dd")}.pdf`;
 const response = await this.service.exportComplaint(id, type, fileName, tz);
@@ -47,7 +46,7 @@ export class DocumentController {
 res.end(buffer);
 } catch (error) {
 this.logger.error(`exception: unable to export document for complaint: ${id} - error: ${error}`);
- res.status(500).send(`exception: unable to export document for complaint: ${id} - error: ${error}`);
+ res.status(500).send(`exception: unable to export document for complaint: ${escape(id)}`);
 }
 }
 }
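Review bot: The added `import { escape } from "escape-html";` in the first document.controller.ts hunk asks for a named export, but `escape-html` exposes a single function as the module itself, so there is no `escape` member to bind. Depending on compiler settings this either fails type-checking or leaves `escape` undefined at runtime, and then the `escape(id)` call in the catch block of the last hunk throws before the 500 response is sent. Import the module's function instead, `import escapeHtml from "escape-html";` with `esModuleInterop` enabled or `import escapeHtml = require("escape-html");` without it, and call `escapeHtml(id)`. The project's tsconfig is not visible on this page, so which form applies needs confirming. A unit test that drives the error path would catch this.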
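Review bot: The new `res.status(500).send(...)` line in the last document.controller.ts hunk still returns a string body, which Express serves as `text/html` unless a content type was set earlier, so the page stays safe only as long as every interpolated value is escaped. Declaring the body as plain text removes that dependency: `res.status(500).type("text/plain").send(...)`, assuming the Express adapter is in use. Dropping `${error}` from the response is a good change, since it stops internal error detail from reaching the client. The `this.logger.error` line above it still interpolates the raw `id`, so consider stripping CR/LF there if the logs are parsed line by line. The method starts outside this hunk, so how `id` is typed and validated cannot be seen here.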
From bdd876d5b543bd8935278f59aee3eac374ac40d9 Mon Sep 17 00:00:00 2001 From: Mike <100624415+marqueone-ps@users.noreply.github.com> Date: Thu, 4 Jul 2024 11:50:10 -0700 Subject: [PATCH 4/4] feat: CE-747: update map verbiage (#496) Co-authored-by: Mike Sears --- .../app/components/mapping/leaflet-map-with-multiple-points.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/app/components/mapping/leaflet-map-with-multiple-points.tsx b/frontend/src/app/components/mapping/leaflet-map-with-multiple-points.tsx index 36bc3ebe7..efa06172d 100644 --- a/frontend/src/app/components/mapping/leaflet-map-with-multiple-points.tsx +++ b/frontend/src/app/components/mapping/leaflet-map-with-multiple-points.tsx @@ -82,7 +82,7 @@ const LeafletMapWithMultiplePoints: React.FC = ({ complaintType, marke const bannerType = unmappedComplaints >= 1 ? "unmapped" : "no-results"; const info = unmappedComplaints >= 1 - ? `The exact location of ${unmappedComplaints} complaint${isPluralized} could not be determined.` + ? `${unmappedComplaints} complaint${isPluralized} could not be mapped` : "No complaints found."; return (