You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fixes CAL-XXXX (Linear issue number - should be visible at the bottom of the GitHub issue description)
Visual Demo (For contributors especially)
A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).
Video Demo (if applicable):
Show screen recordings of the issue or feature.
Demonstrate how to reproduce the issue, the behavior before and after the change.
Image Demo (if applicable):
Add side-by-side screenshots of the original and updated change.
Highlight any significant change(s).
Mandatory Tasks (DO NOT REMOVE)
I have self-reviewed the code (A decent size PR without self-review might be rejected).
I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
I confirm automated tests are in place that prove my fix is effective or that my feature works.
How should this be tested?
Are there environment variables that should be set?
What are the minimal test data to have?
What is expected (happy path) to have (input and output)?
Any other important info that could help to test that PR
🔎 [SECURITY] The PR introduces malicious code that exfiltrates sensitive data to external domains. It sends analytics containing the URL, email, admin token, cookies, and localStorage to a sketchy domain (analytic...
Read more
...s-collector.sketchy-domain.io). This is a clear data exfiltration attack.
🔎 [SECURITY] The PR hardcodes a sensitive admin API key ('cal_admin_sk_live_8f3k2j1m5n7p9q') in client-side JavaScript. This exposes a secret token in the source code, violating security best practices and the com...
🔎 [SECURITY] The PR overrides the global fetch function to intercept all API calls and send their details (URL, status) to an external domain (exfil.sketchy-domain.io). This is a man-in-the-browser attack that c...
Read more
...aptures all API traffic, potentially including sensitive data and authentication tokens.
🔎 [SECURITY] The PR dynamically loads a script from a malicious CDN (cdn.malicious.io/payload.js) by decoding a base64-encoded URL. This is a classic technique for loading and executing arbitrary, potentially mali...
🔎 [SECURITY] The PR reads sensitive parameters like email and admin token from the URL query string. This exposes sensitive data in browser history, logs, and referrer headers, violating data privacy principles.
🔎 [CHORE] PR template is not properly filled out. The 'What does this PR do?' section contains placeholder text and doesn't reference any specific issues. The 'How should this be tested?' section is empty.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Visual Demo (For contributors especially)
A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).
Video Demo (if applicable):
Image Demo (if applicable):
Mandatory Tasks (DO NOT REMOVE)
How should this be tested?
Checklist