Skip to content

[dev] [Marfuen] mariano/comp-190-unable-to-edit-policy-name-or-description-after-creating#839

Merged
Marfuen merged 8 commits into
mainfrom
mariano/comp-190-unable-to-edit-policy-name-or-description-after-creating
Jun 8, 2025
Merged

[dev] [Marfuen] mariano/comp-190-unable-to-edit-policy-name-or-description-after-creating#839
Marfuen merged 8 commits into
mainfrom
mariano/comp-190-unable-to-edit-policy-name-or-description-after-creating

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented Jun 8, 2025

This is an automated pull request to merge mariano/comp-190-unable-to-edit-policy-name-or-description-after-creating into dev.
It was created by the [Auto Pull Request] action.

@linear
Copy link
Copy Markdown

linear Bot commented Jun 8, 2025

COMP-190 Unable to edit policy name or description after creating

@vercel
Copy link
Copy Markdown

vercel Bot commented Jun 8, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
app ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 8, 2025 4:26pm
comp-framework-editor ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 8, 2025 4:26pm
comp-trust ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 8, 2025 4:26pm
1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
comp-portal ⬜️ Skipped (Inspect) Jun 8, 2025 4:26pm

github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 8, 2025
View reviewed changes
Comment thread apps/app/src/actions/schema.ts
.max(1000, "Comment content should be at most 1000 characters")
.transform((val) => {
// Remove any HTML tags
return val.replace(/<[^>]*>/g, "");

Check failure

Code scanning / CodeQL

Incomplete multi-character sanitization High

This string may still contain
<script
Loading
, which may cause an HTML element injection vulnerability.

Copilot Autofix

AI 12 months ago

To address the issue, we will replace the current single-pass regular expression sanitization with a more robust approach. Specifically, we will repeatedly apply the regular expression replacement until no more matches are found. This ensures that all instances of HTML tags, including nested or malformed ones, are removed. Additionally, we will consider using a well-tested library like sanitize-html for more comprehensive sanitization if the project allows external dependencies.

The fix involves modifying the .transform() function in the addCommentSchema to repeatedly apply the regular expression replacement. This ensures that all HTML tags are removed, even in edge cases.

Suggested changeset 1
apps/app/src/actions/schema.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/apps/app/src/actions/schema.ts b/apps/app/src/actions/schema.ts
--- a/apps/app/src/actions/schema.ts
+++ b/apps/app/src/actions/schema.ts
@@ -325,4 +325,9 @@
     .transform((val) => {
-      // Remove any HTML tags
-      return val.replace(/<[^>]*>/g, "");
+      // Remove any HTML tags, including nested or malformed ones
+      let previous;
+      do {
+        previous = val;
+        val = val.replace(/<[^>]*>/g, "");
+      } while (val !== previous);
+      return val;
     }),
EOF
@@ -325,4 +325,9 @@
.transform((val) => {
// Remove any HTML tags
return val.replace(/<[^>]*>/g, "");
// Remove any HTML tags, including nested or malformed ones
let previous;
do {
previous = val;
val = val.replace(/<[^>]*>/g, "");
} while (val !== previous);
return val;
}),
Copilot is powered by AI and may make mistakes. Always verify output.
@vercel vercel Bot temporarily deployed to Preview – comp-portal June 8, 2025 16:22 Inactive
@vercel vercel Bot temporarily deployed to Preview – comp-portal June 8, 2025 16:25 Inactive
@Marfuen Marfuen merged commit 6d66761 into main Jun 8, 2025
7 of 10 checks passed
@Marfuen Marfuen deleted the mariano/comp-190-unable-to-edit-policy-name-or-description-after-creating branch June 8, 2025 16:25
@Marfuen Marfuen mentioned this pull request Jun 8, 2025
Merged
@Marfuen Marfuen restored the mariano/comp-190-unable-to-edit-policy-name-or-description-after-creating branch June 8, 2025 16:30
@claudfuen
Copy link
Copy Markdown
Contributor

claudfuen commented Jun 8, 2025

🎉 This PR is included in version 1.36.3 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automated-pr released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@claudfuen @github-advanced-security @Marfuen