Interactions: Escape xml of interactions errors #29414

Merged
merged 1 commit into from
Oct 21, 2024

Contributor

@kasperpeulen kasperpeulen commented Oct 21, 2024

Closes #29306

Fixes html elements in interaction errors:
[image]

What I did

Escape html elements in interaction errors

Checklist for Contributors

Testing

The changes in this PR are covered in the following automated tests:

  • stories
  • unit tests
  • integration tests
  • end-to-end tests

Manual testing

This section is mandatory for all contributions. If you believe no manual test is necessary, please state so explicitly. Thanks!

Documentation

  • Add or update documentation reflecting your changes
  • If you are deprecating/removing a feature, make sure to update MIGRATION.MD

Checklist for Maintainers

  • When this PR is ready for testing, make sure to add ci:normal, ci:merged or ci:daily GH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found in code/lib/cli/src/sandbox-templates.ts

  • Make sure this PR contains one of the labels below:

    Available labels
    • bug: Internal changes that fixes incorrect behavior.
    • maintenance: User-facing maintenance tasks.
    • dependencies: Upgrading (sometimes downgrading) dependencies.
    • build: Internal-facing build tooling & test updates. Will not show up in release changelog.
    • cleanup: Minor cleanup style change. Will not show up in release changelog.
    • documentation: Documentation only changes. Will not show up in release changelog.
    • feature request: Introducing a new feature.
    • BREAKING CHANGE: Changes that break compatibility in some way with current major version.
    • other: Changes that don't fit in the above categories.

🦋 Canary release

This PR does not have a canary release associated. You can request a canary release of this pull request by mentioning the @storybookjs/core team here.

core team members can create a canary release here or locally with gh workflow run --repo storybookjs/storybook canary-release-pr.yml --field pr=<PR_NUMBER>

| name | before | after | diff | z | % |
| --- | --- | --- | --- | --- | --- |
| createSize | 0 B | 0 B | 0 B | - | - |
| generateSize | 78.7 MB | 78.7 MB | 0 B | 1.42 | 0% |
| initSize | 147 MB | 147 MB | 13 B | 1.35 | 0% |
| diffSize | 68.3 MB | 68.3 MB | 13 B | 1.2 | 0% |
| buildSize | 6.79 MB | 6.79 MB | 13 B | 0.76 | 0% |
| buildSbAddonsSize | 1.5 MB | 1.5 MB | 13 B | 0.29 | 0% |
| buildSbCommonSize | 195 kB | 195 kB | 0 B | - | 0% |
| buildSbManagerSize | 1.83 MB | 1.83 MB | 0 B | 0.68 | 0% |
| buildSbPreviewSize | 270 kB | 270 kB | 0 B | -0.65 | 0% |
| buildStaticSize | 0 B | 0 B | 0 B | - | - |
| buildPrebuildSize | 3.8 MB | 3.8 MB | 13 B | 0.78 | 0% |
| buildPreviewSize | 2.99 MB | 2.99 MB | 0 B | -0.65 | 0% |
| testBuildSize | 0 B | 0 B | 0 B | - | - |
| testBuildSbAddonsSize | 0 B | 0 B | 0 B | - | - |
| testBuildSbCommonSize | 0 B | 0 B | 0 B | - | - |
| testBuildSbManagerSize | 0 B | 0 B | 0 B | - | - |
| testBuildSbPreviewSize | 0 B | 0 B | 0 B | - | - |
| testBuildStaticSize | 0 B | 0 B | 0 B | - | - |
| testBuildPrebuildSize | 0 B | 0 B | 0 B | - | - |
| testBuildPreviewSize | 0 B | 0 B | 0 B | - | - |

| name | before | after | diff | z | % |
| --- | --- | --- | --- | --- | --- |
| createTime | 16.7s | 5.6s | -11s -114ms | -1.16 | -196.8% |
| generateTime | 21.4s | 21.4s | -70ms | -0.1 | -0.3% |
| initTime | 13.9s | 14.8s | 865ms | -0.02 | 5.8% |
| buildTime | 8s | 11.8s | 3.8s | 3.74 | 🔺32.2% |
| testBuildTime | 0ms | 0ms | 0ms | - | - |
| devPreviewResponsive | 5.3s | 7.3s | 1.9s | 1.35 | 🔺26.9% |
| devManagerResponsive | 3.5s | 4.6s | 1s | 1.08 | 22.7% |
| devManagerHeaderVisible | 520ms | 844ms | 324ms | 2.38 | 🔺38.4% |
| devManagerIndexVisible | 555ms | 891ms | 336ms | 2.36 | 🔺37.7% |
| devStoryVisibleUncached | 863ms | 829ms | -34ms | -0.67 | -4.1% |
| devStoryVisible | 556ms | 892ms | 336ms | 2.38 | 🔺37.7% |
| devAutodocsVisible | 421ms | 564ms | 143ms | 0.49 | 25.4% |
| devMDXVisible | 428ms | 691ms | 263ms | 2.12 | 🔺38.1% |
| buildManagerHeaderVisible | 446ms | 585ms | 139ms | 0.54 | 23.8% |
| buildManagerIndexVisible | 449ms | 587ms | 138ms | 0.3 | 23.5% |
| buildStoryVisible | 524ms | 626ms | 102ms | 0.39 | 16.3% |
| buildAutodocsVisible | 390ms | 502ms | 112ms | 0.03 | 22.3% |
| buildMDXVisible | 434ms | 614ms | 180ms | 1.31 | 🔺29.3% |

Greptile Summary

This pull request adds XML escaping to the ANSI-to-HTML conversion in the Storybook interactions addon, enhancing security against potential XSS vulnerabilities.

  • Modified createAnsiToHtmlFilter function in code/addons/interactions/src/utils.ts to include escapeXML: true option
  • Improves safety of rendered output in the interactions panel
  • Simple yet effective security enhancement for the addon
  • No changes to the addon's core functionality or API
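
Added example, not code from this pull request or from the ansi-to-html library: a minimal ANSI-to-HTML filter showing what an escapeXML option changes when an interaction error quotes DOM markup. The names ansiToHtml, escapeXml and foreignTags, the colour table and the sample error string are constructed for illustration.

```javascript
// Stand-in for an ANSI-to-HTML filter; hypothetical code, not the ansi-to-html library.
const XML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };
const SGR_COLORS = { 31: '#A00', 32: '#0A0', 33: '#A50' }; // illustrative subset

function escapeXml(text) {
  return text.replace(/[&<>"']/g, (ch) => XML_ENTITIES[ch]);
}

// Converts SGR colour codes to <span> elements. Text between codes is
// entity-encoded only when escapeXML is true, mirroring the option named in the PR.
function ansiToHtml(input, { escapeXML = false } = {}) {
  const emit = (chunk) => (escapeXML ? escapeXml(chunk) : chunk);
  let html = '';
  let openSpans = 0;
  let last = 0;
  for (const match of input.matchAll(/\x1b\[(\d+)m/g)) {
    html += emit(input.slice(last, match.index));
    last = match.index + match[0].length;
    const code = Number(match[1]);
    if (SGR_COLORS[code]) {
      html += `<span style="color:${SGR_COLORS[code]}">`;
      openSpans += 1;
    } else if (code === 0 || code === 39) {
      html += '</span>'.repeat(openSpans); // a reset closes every open colour span
      openSpans = 0;
    }
  }
  return html + emit(input.slice(last)) + '</span>'.repeat(openSpans);
}

// Element names other than span that appear as real tags in the output.
// Anything listed here would be parsed as live markup when the HTML is rendered.
function foreignTags(html) {
  const names = [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
  return [...new Set(names.filter((name) => name !== 'span'))];
}

// Constructed sample: an assertion failure whose message quotes DOM markup.
const sampleError = '\x1b[31mexpected <button disabled>Save</button> to be enabled\x1b[39m';

const unescaped = ansiToHtml(sampleError);
const escaped = ansiToHtml(sampleError, { escapeXML: true });
console.log(foreignTags(unescaped), unescaped);
console.log(foreignTags(escaped), escaped);
```

Escaping is applied to each text chunk before the colour spans are added, so the filter's own markup stays intact while the message text is rendered literally.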

Contributor

@greptile-apps greptile-apps bot left a comment

LGTM

1 file(s) reviewed, no comment(s)

@kasperpeulen kasperpeulen changed the title Interactions: Escape xml Interactions: Escape xml of interactions errors Oct 21, 2024

nx-cloud bot commented Oct 21, 2024

☁️ Nx Cloud Report

CI is running/has finished running commands for commit 453d243. As they complete they will appear below. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this CI Pipeline Execution


✅ Successfully ran 2 targets

Sent with 💌 from NxCloud.

@valentinpalkovic valentinpalkovic merged commit 387ca48 into next Oct 21, 2024
61 of 79 checks passed
@valentinpalkovic valentinpalkovic deleted the kasper/escape-xml branch October 21, 2024 11:21
@github-actions github-actions bot mentioned this pull request Oct 21, 2024
11 tasks
Development

Successfully merging this pull request may close these issues.

[Bug]: Interactions panel is rendering inline HTML in error messages