Aria fixes #74

Merged
akutuva21 merged 75 commits into RuleWorld:main from akutuva21:main
Apr 17, 2026

@akutuva21
Member

No description provided.

google-labs-jules Bot and others added 30 commits April 5, 2026 11:50
Adds a descriptive aria-label ("Close cheatsheet") to the icon-only
close button in the CheatsheetModal component to improve screen reader
accessibility.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
Added HTML escaping to dynamically injected strings in public/umap.html
to prevent Cross-Site Scripting (XSS) when rendering model metadata
in the legend and tooltip.

Severity: HIGH
Vulnerability: Unescaped string interpolation into innerHTML.
Impact: Attackers could inject arbitrary JavaScript if a malicious model name or tags were processed.
Fix: Created and applied escapeHTML function to all variables rendered into innerHTML.
Verification: Ran npm run build:quick, npm run lint, verified UMAP page renders correctly.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
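
The class of fix this commit message describes, as an added example (not the code from `public/umap.html`): metadata interpolated into an `innerHTML` string before and after escaping. Only the name `escapeHTML` comes from the commit message; `legendItemUnsafe`, `legendItemSafe` and the sample model are assumptions constructed for illustration.

```javascript
// Added example: everything except the name escapeHTML is hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change HTML parsing context
// (element content and quoted attribute values). Single pass, so no double escaping.
function escapeHTML(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": model metadata is interpolated as-is into markup destined for innerHTML.
function legendItemUnsafe(model) {
  return `<li title="${model.name}">${model.name} <small>${model.tags.join(', ')}</small></li>`;
}

// "After": every dynamic value is escaped at the point of interpolation.
function legendItemSafe(model) {
  const name = escapeHTML(model.name);
  const tags = model.tags.map(escapeHTML).join(', ');
  return `<li title="${name}">${name} <small>${tags}</small></li>`;
}

// Constructed sample: a model whose name and tag carry markup and an attribute break-out.
const hostileModel = {
  name: '<img src=x onerror=alert(1)>',
  tags: ['signaling', '" onmouseover="alert(2)'],
};
```

Where the value is plain text, assigning it through `textContent` avoids the HTML parser entirely; escaping is for the cases where a markup template has to be built as a string.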
Refactored `WorkerPool.ts` to use a `Map` for O(1) pending task lookups and a dedicated `taskQueue` for FIFO task distribution, replacing the O(N) linear array searches.

Modified `processQueue` to iteratively assign tasks to all available idle workers in a single call, significantly improving parallel throughput and workload distribution.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
…299306080536005416

🎨 Palette: Add aria-label to Cheatsheet Modal close button
…6444506796

🛡️ Sentinel: [HIGH] Fix XSS vulnerability in UMAP visualization
…9304264101392653039

⚡ Bolt: WorkerPool task distribution optimization
- Imported `useId` from React in `ShareButton.tsx`
- Generated unique IDs for modal inputs (`Model Name`, `Shareable Link`, `Embed Code`)
- Associated existing text labels with inputs using `htmlFor` and `id` attributes to improve screen reader compatibility
- Added `aria-hidden="true"` to the decorative SVG inside the Share button

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
Avoid memory allocations during hot loop iterations in useRobustness.
Moved loop invariant calculation `variationPercent / 100` out of the loop
and replaced `Object.entries(params).forEach` with an allocation-free `for...in` loop.
These allocations triggered garbage collection frequently and reduced execution speed
during the repeated calls inside the inner iterations of useRobustness.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
…val in bnglWriter

* Replace `new Function` with `SafeExpressionEvaluator.compile` in `checkMassAction` to prevent potential RCE/XSS when loading maliciously crafted SBML models.
* Retain original graceful fallback behavior for malformed expressions.
* Add entry to `.jules/sentinel.md` documenting the learning.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
…4655105883767429551

🛡️ Sentinel: [CRITICAL] Fix arbitrary JS execution via new Function eval in bnglWriter
…30956176186460

🎨 Palette: Add explicit label associations to Share modal inputs
The .jules/ directory is already in .gitignore and should not be tracked.
Removing the .Jules/palette.md file that was accidentally committed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🎨 Palette: Add aria-label to icon-only clear search button

Added an explicitly descriptive `aria-label` attribute to the "Clear search" icon-only button within `SemanticSearchInput.tsx` to enhance accessibility for screen readers. Added a journal entry to document the learning.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Remove accidental .Jules artifact from PR

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
…"_blank" links (#67)

Added `rel="noopener noreferrer"` to all anchor tags that open in a new tab (`target="_blank"`) across various components to prevent reverse tabnabbing attacks.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Added a comprehensive test suite for buildStateTransitionDiagram in src/lib/atomizer/rulifier/rulifier.ts, covering successful state changes, ignoring invalid rules (wrong action or mismatched targets), deduplicating unchanged states, correctly falling back to default reaction rates, and selecting the proper initial states.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
#71)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Added a test suite to cover all logic branches of the `getEquivalence` function, improving test coverage for the atomizer annotation module.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
…76)

Refactored the fallback logic inside `ParameterEstimation.ts` to pre-calculate the `wobble` sine wave multipliers into a `Float64Array`. Replaced the array `.map()` allocation inside the nested observables loop with a pre-sized array and a fast standard `for` loop.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
…80)

Wrapped sequentially blocking WebGPU `mapAsync` buffer mapping calls in `Promise.all` inside `readSSAResults` to enable concurrent reads and prevent unnecessary sequential GPU round-trips.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
akutuva21 and others added 29 commits April 8, 2026 18:23
…erhead (#118)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🎨 Palette: Add aria-expanded to collapsible UI panels

💡 What: Added `aria-expanded` attributes to the "Configure simulation options" and "Custom Expressions" buttons, and `aria-haspopup="dialog"` to the configuration button.
🎯 Why: These buttons toggle the visibility of complex panels. Screen readers need to know if the panel is currently expanded or collapsed.
♿ Accessibility: Improved screen reader announcements for state changes in `SimulationControls` and `ExpressionInputPanel`.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Delete .jules/palette.md

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🛡️ Sentinel: [CRITICAL] Fix Code Injection in JIT Compiler

Replaced custom validateSafeExpression method in JIT compilation with secure AST walker, SafeExpressionEvaluator.isSafe.
Added strict regex validations to restrict dynamic object destructuring inside 'new Function()' payloads to prevent code injection.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Fix Math-prefixed JIT rate validation

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
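
The approach named in this commit and in the earlier `checkMassAction` commit, replacing `new Function` on model-supplied expressions with a parser-based evaluator, shown as an added example. It is not the project's `SafeExpressionEvaluator`; `compileSafe`, `tokenize`, `ALLOWED_FUNCS` and the grammar (numbers, parameters, `+ - * /`, parentheses, four whitelisted functions) are assumptions.

```javascript
// Added example: compileSafe, tokenize and ALLOWED_FUNCS are hypothetical names, not the project's API.
const ALLOWED_FUNCS = { exp: Math.exp, log: Math.log, sqrt: Math.sqrt, pow: Math.pow };
const OPS = { '+': (a, b) => a + b, '-': (a, b) => a - b, '*': (a, b) => a * b, '/': (a, b) => a / b };
const TOKEN = /\s*(?:(\d+\.?\d*(?:[eE][+-]?\d+)?)|([A-Za-z_]\w*)|([-+*\/(),]))/y;
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const fail = (ErrorType, msg) => { throw new ErrorType(msg); };
// Only numbers, identifiers and - + * / ( ) , become tokens; '.', '[', quotes, '=' are rejected.
function tokenize(src) {
  const tokens = [], end = src.trimEnd().length;
  for (let pos = 0; pos < end; pos = TOKEN.lastIndex) {
    TOKEN.lastIndex = pos;
    const m = TOKEN.exec(src) ?? fail(SyntaxError, `unexpected character near offset ${pos}`);
    tokens.push(m[1] ? { type: 'num', value: Number(m[1]) } : m[2] ? { type: 'id', value: m[2] } : { type: m[3] });
  }
  return tokens;
}

// Recursive-descent compile to closures: the input is never handed to eval or new Function.
function compileSafe(src) {
  const toks = tokenize(src);
  let i = 0;
  const peek = () => (i < toks.length ? toks[i].type : 'end');
  const eat = (type) => (peek() === type ? toks[i++] : fail(SyntaxError, `expected ${type}, got ${peek()}`));
  const binary = (next, ops) => () => {
    let left = next();
    while (ops.includes(peek())) {
      const f = OPS[toks[i++].type], l = left, r = next();
      left = (env) => f(l(env), r(env));
    }
    return left;
  };
  function atom() {
    if (peek() === '-') { i++; const u = atom(); return (env) => -u(env); }
    if (peek() === 'num') { const v = eat('num').value; return () => v; }
    if (peek() === '(') { i++; const e = expr(); eat(')'); return e; }
    const name = eat('id').value;
    if (peek() !== '(') return (env) => (own(env, name) && typeof env[name] === 'number' // own numeric params only
      ? env[name] : fail(ReferenceError, `unknown parameter: ${name}`));
    if (!own(ALLOWED_FUNCS, name)) fail(SyntaxError, `function not allowed: ${name}`);
    const args = [];
    do { i++; args.push(expr()); } while (peek() === ','); // first i++ consumes '(', later ones ','
    eat(')');
    return (env) => ALLOWED_FUNCS[name](...args.map((a) => a(env)));
  }
  const term = binary(atom, ['*', '/']), expr = binary(term, ['+', '-']);
  const fn = expr();
  eat('end');
  return fn;
}
```

Anything outside the grammar fails at compile time with a `SyntaxError`, so a caller can keep a graceful fallback for malformed expressions by catching it.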
…on (#120)

* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction

Adds Escape key support to close dropdowns and properly injects aria-expanded and aria-haspopup attributes into the trigger element using React.cloneElement.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Delete .Jules/palette.md

* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction

Fixes stale closure and wasteful render issue in handleEsc by using a functional updater.
Replaces double any casts with a clean type guard using React.isValidElement<{ onClick?: React.MouseEventHandler }>.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction

Fixes stale closure and wasteful render issue in handleEsc by using a functional updater.
Replaces double any casts with a clean type guard using React.isValidElement<{ onClick?: React.MouseEventHandler, ... }>.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Delete .Jules/palette.md

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* ⚡ Bolt: Optimize TimeSeriesChart re-renders

Wrap `TimeSeriesChart` with `React.memo` to prevent expensive re-renders in the React tree when its parent container updates but the referentially stable charting data and props have not changed.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* ⚡ Bolt: stabilize React.memo props for TimeSeriesChart

Update `ResultsChart.tsx` to wrap `handleToggleSeries` and `handleLegendHighlight` in `useCallback`. This guarantees referential stability for props passed to `TimeSeriesChart`, enabling `React.memo` to effectively bypass re-renders when data points are unchanged.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* ⚡ Bolt: stabilize React.memo props for TimeSeriesChart

Update `ResultsChart.tsx` to wrap `handleToggleSeries` and `handleLegendHighlight` in `useCallback`. This guarantees referential stability for props passed to `TimeSeriesChart`, enabling `React.memo` to effectively bypass re-renders when data points are unchanged.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* feat(a11y): add aria-label to Help Dropdown trigger

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Delete .Jules/palette.md

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
…#125)

Added `aria-expanded` and `aria-controls` to the "Parameter Sliders" toggle button and an `id` to its associated panel in `components/EditorPanel.tsx` to improve screen reader accessibility.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🎨 Palette: Replace focus: with focus-visible: on Buttons

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Delete .Jules/palette.md

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
@akutuva21 akutuva21 merged commit e1542f7 into RuleWorld:main Apr 17, 2026
5 checks passed