Resolve CodeQL query alert 56 #5473

Closed
8 of 11 tasks
Tracked by #5159 ...
roslynwythe opened this issue Sep 10, 2023 · 4 comments · Fixed by #6543
Labels: Complexity: Medium; Feature: Code Alerts; role: back end/devOps (Tasks for back-end developers); role: front end (Tasks for front end developers); size: 1pt (Can be done in 4-6 hours)
roslynwythe commented Sep 10, 2023

Prerequisite

  1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our Getting Started page.
  2. Before you claim or start working on an issue, please make sure you have read our How to Contribute to Hack for LA Guide.

Overview

We need to analyze the query "Use of returnless function", which appears in CodeQL code alert 56, and then either recommend dismissal of the alert or update the code to resolve it.

Action Items

  • DO NOT DISMISS ANY ALERTS. Dismissal of alerts should be done by dev leads only, after review of the recommendation.
  • Browse to the link in the following Action Item and read the contents. Click "See More" to view Recommendations, Examples and References.
  • https://github.com/hackforla/website/security/code-scanning/56
  • In a comment in this issue, add your analysis and recommendation. The recommendation can be one of the following: dismiss as test, dismiss as false positive, dismiss as won't fix, or update code.
  • If the recommendation is to update code:
    • create an issue branch and proceed with the code update
    • use Docker to test locally, ensuring that there are no changes to any affected webpage(s)
    • proceed with a pull request in the usual manner
  • If the recommendation is to dismiss, describe your reason for dismissal in the comment, then move the issue to Questions/In Review and apply the label "ready for dev lead".

For merge team/dev lead

Resources/Instructions

@roslynwythe roslynwythe added Feature Missing This label means that the issue needs to be linked to a precise feature label. role missing size: missing labels Sep 10, 2023

@roslynwythe roslynwythe added Draft Issue is still in the process of being created Complexity: Medium role: back end/devOps Tasks for back-end developers Feature: Code Alerts size: 1pt Can be done in 4-6 hours and removed Feature Missing This label means that the issue needs to be linked to a precise feature label. role missing size: missing labels Sep 10, 2023
@anjolaaoluwa anjolaaoluwa added this to the 02. Security milestone Sep 10, 2023
@roslynwythe roslynwythe added the role: front end Tasks for front end developers label Oct 4, 2023
@roslynwythe roslynwythe changed the title Analysis for CodeQL query "Use of returnless function" Analysis for CodeQL query alerts 56 and 57 Oct 4, 2023
@roslynwythe roslynwythe changed the title Analysis for CodeQL query alerts 56 and 57 Resolve CodeQL query alerts 56 and 57 Oct 8, 2023
@roslynwythe roslynwythe changed the title Resolve CodeQL query alerts 56 and 57 Resolve CodeQL query alerts 56 Mar 20, 2024
@roslynwythe roslynwythe changed the title Resolve CodeQL query alerts 56 Resolve CodeQL query alert 56 Mar 20, 2024
github-actions commented Mar 26, 2024

Hi @ajb176, thank you for taking up this issue! Hfla appreciates you :)

Do let fellow developers know about your:-
i. Availability: (When are you available to work on the issue/answer questions other programmers might have about your issue?)
ii. ETA: (When do you expect this issue to be completed?)

You're awesome!

P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :)


ajb176 commented Mar 26, 2024

ETA: One week
Availability: Evenings


ajb176 commented Mar 27, 2024

The code should be updated.

Firstly, the same returnless function also occurs in the right-col-content.js file in the same directory, which is importing the same script from ./utility, so this and issue #6479 should be dealt with the same way. Because the issue has already been assigned, I'll just try to coordinate with them.

What seems to be happening is addEventListener is meant to take a function reference with no parameters as an argument, but because a function called InsertEventSchedule with parameters is called, the script immediately runs the function to try to pass its return value as the parameter to addEventListener.

The code is meant to wait until the DOM content is loaded before firing a callback function, but because the callback function isn't formatted correctly, it fires before the condition is necessarily met. In other words, the function tries to populate the event schedule before the DOM content is loaded, despite clearly being designed to wait for the DOM content to load before populating the event schedule.

When I visit HFLA live pages that use the script, they seem to work fine because adding the event schedule just takes more time and the DOM content loads quickly anyway. But the code can be refactored to fix the CodeQL issue easily by using either an arrow function or an anonymous function.

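The pattern described in the comment above, as an added example that is not code from hackforla/website or from the commenter. `FakeDocument` is a stand-in for the browser `document` (it mirrors the DOM rule that a null or undefined listener is silently ignored), and the `InsertEventSchedule` stand-in only assumes the real helper has no `return` statement; its parameters are invented here. The example runs the flagged wiring and the arrow-function fix through a simulated `DOMContentLoaded` and records what was registered and when the schedule was built.

```javascript
// Added example (not hackforla/website code): why CodeQL flags
//   document.addEventListener('DOMContentLoaded', InsertEventSchedule(...))
// as "Use of returnless function", and what the arrow-function fix changes.

// Stand-in for the browser document. Like the DOM, addEventListener treats a
// null/undefined listener as a no-op rather than throwing.
class FakeDocument {
  constructor() { this.listeners = {}; }
  addEventListener(type, listener) {
    if (listener == null) return;                 // DOM behaviour: silently dropped
    if (!this.listeners[type]) this.listeners[type] = [];
    this.listeners[type].push(listener);
  }
  dispatchEvent(type) {
    for (const fn of this.listeners[type] || []) fn();
  }
}

// Stand-in for the utility script's InsertEventSchedule (signature assumed).
// The only property that matters for the alert: it has no return statement.
function InsertEventSchedule(container, schedule) {
  container.rows = schedule.map((e) => `${e.day}: ${e.title}`);
}

// Wiring as the alert describes it: the call runs immediately, and its return
// value (undefined) is what gets handed to addEventListener.
function wireAsFlagged(doc, container, schedule) {
  const listener = InsertEventSchedule(container, schedule);
  doc.addEventListener('DOMContentLoaded', listener);
  return listener;
}

// Fixed wiring: a closure is registered and runs only when the event fires.
function wireFixed(doc, container, schedule) {
  const listener = () => InsertEventSchedule(container, schedule);
  doc.addEventListener('DOMContentLoaded', listener);
  return listener;
}

// Runs one wiring strategy through a simulated page lifecycle and reports what
// was registered and whether the schedule existed before the event fired.
function simulate(wire) {
  const doc = new FakeDocument();
  const container = { rows: [] };
  // Constructed sample schedule; not real HFLA event data.
  const schedule = [
    { day: 'Mon', title: 'Onboarding' },
    { day: 'Wed', title: 'Team sync' },
  ];
  const listener = wire(doc, container, schedule);
  const rowsBeforeEvent = container.rows.length;
  doc.dispatchEvent('DOMContentLoaded');
  return {
    listenerType: typeof listener,                          // 'undefined' vs 'function'
    registered: (doc.listeners.DOMContentLoaded || []).length,
    rowsBeforeEvent,                                        // built too early?
    rowsAfterEvent: container.rows.length,
  };
}

console.log('flagged:', simulate(wireAsFlagged));
console.log('fixed:  ', simulate(wireFixed));
```

In the simulation the flagged form builds the schedule at the moment the script executes and registers nothing at all, because `addEventListener` drops the `undefined` it was given; on a real page that only works if the container element already exists when the script runs. The fixed form registers one function and the container stays empty until the event is dispatched, which is the behaviour the `DOMContentLoaded` wrapper was written to guarantee.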