Commit a2b41fa
fix(security): suppress CodeQL false positive for trusted GCS content
Add inline suppression comment for py/reflective-xss alert. The content
comes from our controlled GCS bucket (pyplots-images), validated via
build_safe_gcs_url() - not user input. This is trusted interactive
plot HTML that cannot be escaped without breaking functionality.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

1 parent 499a197 commit a2b41fa
1 file changed, +3 -1 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
199 | 199 | | |
200 | 200 | | |
201 | 201 | | |
202 | | - | |
| 202 | + | |
| 203 | + | |
| 204 | + | |
203 | 205 | | |
204 | 206 | | |
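Review bot: the suppression added at new lines 202-204 rests the whole reflective-XSS argument on the pyplots-images bucket and build_safe_gcs_url(), so that reasoning needs to live next to the suppression in the code and not only in the commit message. The content of the added lines is not visible in this rendering; if the comment does not already say so, have it state that the HTML is fetched only through build_safe_gcs_url() from pyplots-images and is never derived from request input, so that a later change to the URL builder or to who can write to the bucket prompts a re-check of the py/reflective-xss alert. Because the commit message says the HTML cannot be escaped, also confirm the suppression is scoped to the single flagged line and does not silence the alert for the rest of the function.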