Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DEV-19242] Feature - Sharing & Downloading #1212

Draft
wants to merge 29 commits into
base: main
Choose a base branch
from
Draft

[DEV-19242] Feature - Sharing & Downloading #1212

wants to merge 29 commits into from

Conversation

yuriyyakym
Copy link
Contributor

No description provided.

@yuriyyakym yuriyyakym self-assigned this Jan 22, 2025
@vercel Vercel
Copy link

vercel bot commented Jan 22, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
theme-nextjs-bea-preview ❌ Failed (Inspect) Jan 31, 2025 3:46am
3 Skipped Deployments
Name Status Preview Comments Updated (UTC)
theme-nextjs-bea-cookbook ⬜️ Ignored (Inspect) Visit Preview Jan 31, 2025 3:46am
theme-nextjs-bea-photography ⬜️ Ignored (Inspect) Visit Preview Jan 31, 2025 3:46am
theme-nextjs-bea-the-good-newsroom ⬜️ Ignored (Inspect) Visit Preview Jan 31, 2025 3:46am

@yuriyyakym yuriyyakym force-pushed the feature/sharing-and-downloading branch from 59e3b0d to 4a19da8 Compare January 22, 2025 13:13
@yuriyyakym yuriyyakym force-pushed the feature/sharing-and-downloading branch from 8587d87 to 7d63878 Compare January 23, 2025 09:30
@yuriyyakym
Improve copying article as text
57c590d 
- Refactoring
- Nice output formatting
- Extracting unnecessary code to be lazy loaded / called as an server function in order to reduce page load time
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 30, 2025
View reviewed changes
modules/Story/Share/utils/copyStoryText.ts
const clonedElement = element.cloneNode(true) as HTMLElement;

clonedElement.querySelectorAll('table').forEach((node) => {
node.outerHTML = `<div>${htmlTableToPlainText(node)}</div>`;

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI 3 days ago

To fix the problem, we need to ensure that any text content extracted from the DOM is properly escaped before being reinserted as HTML. This can be achieved by using a function that escapes HTML meta-characters, such as &, <, >, ", and '. We will create a utility function to perform this escaping and use it in the htmlTableToPlainText function.

  • Create a utility function escapeHtml to escape HTML meta-characters.
  • Use the escapeHtml function to escape the content before inserting it into the <div> element in the htmlTableToPlainText function.
Suggested changeset 1
modules/Story/Share/utils/copyStoryText.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/modules/Story/Share/utils/copyStoryText.ts b/modules/Story/Share/utils/copyStoryText.ts
--- a/modules/Story/Share/utils/copyStoryText.ts
+++ b/modules/Story/Share/utils/copyStoryText.ts
@@ -4,2 +4,13 @@
 
+function escapeHtml(text: string): string {
+    const map: Record<string, string> = {
+        '&': '&amp;',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&#039;',
+    };
+    return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+}
+
 type TagName = string;
@@ -48,3 +59,3 @@
     clonedElement.querySelectorAll('table').forEach((node) => {
-        node.outerHTML = `<div>${htmlTableToPlainText(node)}</div>`;
+        node.outerHTML = `<div>${escapeHtml(htmlTableToPlainText(node))}</div>`;
     });
EOF
@@ -4,2 +4,13 @@

function escapeHtml(text: string): string {
const map: Record<string, string> = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#039;',
};
return text.replace(/[&<>"']/g, function(m) { return map[m]; });
}

type TagName = string;
@@ -48,3 +59,3 @@
clonedElement.querySelectorAll('table').forEach((node) => {
node.outerHTML = `<div>${htmlTableToPlainText(node)}</div>`;
node.outerHTML = `<div>${escapeHtml(htmlTableToPlainText(node))}</div>`;
});
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@yuriyyakym yuriyyakym

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@yuriyyakym