From 5fd8ebf171abcc0a3f561c5f674c0a3b2ce6e350 Mon Sep 17 00:00:00 2001
From: LB Johnston
Date: Fri, 10 Nov 2023 06:29:34 +1000
Subject: [PATCH] SwapController - Ensure untrusted data sources are logged correctly

Avoids the rare case of `requestUrl` being used to log out an object
Fixes #11212
---
 CHANGELOG.txt | 1 +
 client/src/controllers/SwapController.test.js | 3 ++-
 client/src/controllers/SwapController.ts | 2 +-
 docs/releases/6.1.md | 1 +
 4 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 5dbe41bca8..4c3450d412 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -57,6 +57,7 @@ Changelog
 * Maintenance: Refactor `page_breadcrumbs` tag to use shared `breadcrumbs.html` template (Sage Abdullah)
 * Maintenance: Add `keyboard` icon to admin icon set (Rohit Sharma)
 * Maintenance: Remove dead code in the minimap when elements are not found (LB (Ben) Johnston)
+ * Maintenance: Ensure untrusted data sources are logged correctly in the Stimulus `SwapController` (LB (Ben) Johnston)
 6.0.2 (xx.xx.xxxx) - IN DEVELOPMENT
diff --git a/client/src/controllers/SwapController.test.js b/client/src/controllers/SwapController.test.js
index 538376c10e..f431ade6dc 100644
--- a/client/src/controllers/SwapController.test.js
+++ b/client/src/controllers/SwapController.test.js
@@ -410,7 +410,8 @@ describe('SwapController', () => {
 // eslint-disable-next-line no-console
 expect(console.error).toHaveBeenLastCalledWith(
- 'Error fetching /admin/images/results/?q=alpha',
+ 'Error fetching %s',
+ '/admin/images/results/?q=alpha',
 expect.any(Error),
 );
diff --git a/client/src/controllers/SwapController.ts b/client/src/controllers/SwapController.ts
index 250f844b2b..7bbdc71d3a 100644
--- a/client/src/controllers/SwapController.ts
+++ b/client/src/controllers/SwapController.ts
@@ -303,7 +303,7 @@ export class SwapController extends Controller<
 target,
 });
 // eslint-disable-next-line no-console
- console.error(`Error fetching ${requestUrl}`, error);
+ console.error('Error fetching %s', requestUrl, error);
 })
 .finally(() => {
 if (signal === this.abortController?.signal) {
diff --git a/docs/releases/6.1.md b/docs/releases/6.1.md
index 846a8cdcc3..2cad8a5981 100644
--- a/docs/releases/6.1.md
+++ b/docs/releases/6.1.md
@@ -79,6 +79,7 @@ depth: 1
 * Refactor `page_breadcrumbs` tag to use shared `breadcrumbs.html` template (Sage Abdullah)
 * Add `keyboard` icon to admin icon set (Rohit Sharma)
 * Remove dead code in the minimap when elements are not found (LB (Ben) Johnston)
+ * Ensure untrusted data sources are logged correctly in the Stimulus `SwapController` (LB (Ben) Johnston)
 ## Upgrade considerations
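Review bot: The new `console.error('Error fetching %s', requestUrl, error)` call in `client/src/controllers/SwapController.ts` has no comment at the call site saying why the format string must stay constant, so a later cleanup could easily turn it back into a template literal and reintroduce the problem. I would add `// Keep the format string constant; requestUrl may hold untrusted data and must only be passed as a substitution argument.` The new comment has to go above the existing `// eslint-disable-next-line no-console` line, because that directive only covers the line directly below it. The enclosing `.catch` callback begins outside this hunk, so where `requestUrl` is derived from cannot be checked from here.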