Skip to content

FEAT: Add consult us form and update page hero #577

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

FEAT: Add consult us form and update page hero #577

wants to merge 13 commits into from

Conversation

stefanskoricdev
Copy link
Contributor

@stefanskoricdev stefanskoricdev commented Aug 25, 2025
edited
Loading

  • Updated hero section
  • Added "Get your plan form" (UI components and api endpoint)
  • Refactored whole page by extracting sections to components and placing content to md collections
image image image image image

@vercel Vercel
Copy link

vercel bot commented Aug 25, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
company-website Ready Ready Preview Comment Sep 3, 2025 11:26am
1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
web-contact Skipped Skipped Sep 3, 2025 11:26am

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 26, 2025
View reviewed changes
apps/contact/app/api/get-plan/route.ts
const message =
(error as any)?.body?.message || "Issue while processing request";

return new Response(JSON.stringify({ message }), {

Check warning

Code scanning / CodeQL

Exception text reinterpreted as HTML Medium

Exception text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI 2 days ago

To fix the immediate problem, we should sanitize the error message before returning it in the API response. In concrete terms, this means escaping problematic HTML meta-characters (<, >, &, ", ') in the message string, so that if it is ever rendered directly as HTML in a browser, malicious payloads are defanged. The most robust and reliable way to do this is to use a library like he (https://github.com/mathiasbynens/he) or escape-html to encode HTML entities in the error message whenever an error is returned. In the given code, replace the assignment to message on line 136 with a version that escapes meta-characters, then use this escaped value in the error response on line 138. Only the error-handling code path needs fixing; successful responses do not return user-controlled content.

Additionally, you'll need to import the escaping utility at the top of the file.

Required changes:

  • Add an import for HTML escaping (using escape-html).
  • In the error catch block in the POST handler, sanitize the error message before it's returned in the JSON response.
Suggested changeset 2
apps/contact/app/api/get-plan/route.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/apps/contact/app/api/get-plan/route.ts b/apps/contact/app/api/get-plan/route.ts
--- a/apps/contact/app/api/get-plan/route.ts
+++ b/apps/contact/app/api/get-plan/route.ts
@@ -2,6 +2,7 @@
 import { nanoid } from "nanoid";
 import { NextRequest } from "next/server";
 import z from "zod";
+import escapeHtml from "escape-html";
 
 const { NOTION_GET_PLAN_DATABASE_ID } = process.env;
 
@@ -132,8 +133,9 @@
       console.error("Error - api/get-plan", error);
 
       const statusCode = (error as any).statusCode || 501;
-      const message =
+      const rawMessage =
         (error as any)?.body?.message || "Issue while processing request";
+      const message = escapeHtml(rawMessage);
 
       return new Response(JSON.stringify({ message }), {
         status: statusCode,
EOF
@@ -2,6 +2,7 @@
import { nanoid } from "nanoid";
import { NextRequest } from "next/server";
import z from "zod";
import escapeHtml from "escape-html";

const { NOTION_GET_PLAN_DATABASE_ID } = process.env;

@@ -132,8 +133,9 @@
console.error("Error - api/get-plan", error);

const statusCode = (error as any).statusCode || 501;
const message =
const rawMessage =
(error as any)?.body?.message || "Issue while processing request";
const message = escapeHtml(rawMessage);

return new Response(JSON.stringify({ message }), {
status: statusCode,
apps/contact/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/apps/contact/package.json b/apps/contact/package.json
--- a/apps/contact/package.json
+++ b/apps/contact/package.json
@@ -14,7 +14,8 @@
     "next": "15.5.2",
     "@notionhq/client": "^4.0.1",
     "nanoid": "^5.0.9",
-    "zod": "^4.0.17"
+    "zod": "^4.0.17",
+    "escape-html": "^1.0.3"
   },
   "devDependencies": {
     "typescript": "^5",
EOF
@@ -14,7 +14,8 @@
"next": "15.5.2",
"@notionhq/client": "^4.0.1",
"nanoid": "^5.0.9",
"zod": "^4.0.17"
"zod": "^4.0.17",
"escape-html": "^1.0.3"
},
"devDependencies": {
"typescript": "^5",
This fix introduces these dependencies
Package Version Security advisories
escape-html (npm) 1.0.3 None
Copilot is powered by AI and may make mistakes. Always verify output.
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 10:58 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 11:23 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 11:39 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 14:01 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 14:10 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 14:20 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 14:28 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 14:33 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 14:41 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 14:51 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 14:58 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact August 27, 2025 15:01 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact September 2, 2025 15:02 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact September 3, 2025 09:52 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact September 3, 2025 10:03 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact September 3, 2025 10:15 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact September 3, 2025 10:39 Inactive
@stefanskoricdev stefanskoricdev changed the title FEAT: Add consult us form FEAT: Add consult us form and update page hero Sep 3, 2025
@vercel vercel bot temporarily deployed to Preview – web-contact September 3, 2025 10:57 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact September 3, 2025 11:10 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact September 3, 2025 11:21 Inactive
@vercel vercel bot temporarily deployed to Preview – web-contact September 3, 2025 11:26 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@stefanskoricdev