From 71d1b1bf856baba678164e3383bab62da8729a52 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Tue, 30 Jun 2026 03:31:44 +0000
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[HIGH]?= =?UTF-8?q?=20Fix=20XSS=20vulnerability=20in=20SyntaxHighlighter?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
🚨 Severity: HIGH
💡 Vulnerability: Cross-Site Scripting (XSS) vulnerability due to unescaped highlight.js output in `dangerouslySetInnerHTML`.
🎯 Impact: Attackers could inject arbitrary JavaScript if user input is passed directly to the `SyntaxHighlighter`.
🔧 Fix: Wrapped the HTML string with `DOMPurify.sanitize(html)` to strip malicious scripts.
✅ Verification: Ran `bun run test` and `bun run lint` successfully. Verified that `DOMPurify` prevents the execution of malicious scripts.
Co-authored-by: mbayue <70324722+mbayue@users.noreply.github.com>
---
 src/components/ui/SyntaxHighlighter.tsx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/components/ui/SyntaxHighlighter.tsx b/src/components/ui/SyntaxHighlighter.tsx
index 42680e6..02afc69 100644
--- a/src/components/ui/SyntaxHighlighter.tsx
+++ b/src/components/ui/SyntaxHighlighter.tsx
@@ -1,5 +1,6 @@
 import { useMemo } from 'react';
 import hljs from 'highlight.js';
+import DOMPurify from 'dompurify';
 import type { ReactNode } from 'react';
 function languageFromPath(path: string): string {
@@ -92,7 +93,7 @@ export function HighlightedCode({ );
From f0ff3d31b3fc3ed3cb8551ae5eadd4018857c402 Mon Sep 17 00:00:00 2001
From: Bayu Erich
Date: Tue, 30 Jun 2026 20:29:53 +0700
Subject: [PATCH 2/2] fix(ui): increase inspector dock maximum drag height
Update max height limit from 35% to 90% of window height in CodeInspectorDock. Allow greater expansion for better code visibility.
---
 src/components/explorer/CodeInspectorDock.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
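Review bot: The new `import DOMPurify from 'dompurify';` in the first hunk is the commit's only dependency-related change — the diffstat lists a single file — so unless `dompurify` (and its type declarations, if the project does not get them from the package itself) is already declared in package.json and the lockfile, the import only resolves against whatever happens to be in node_modules and the "bun run test / lint" verification in the message is not reproducible from the commit. The `DOMPurify.sanitize(html)` call the message describes sits in the second hunk, which is cut off in this view, so its configuration and the `dangerouslySetInnerHTML` sink cannot be reviewed here. As far as I know `hljs.highlight` HTML-escapes the source text it marks up, so the sanitize step is defense-in-depth on the innerHTML sink rather than the primary escaping; the message's "unescaped highlight.js output" claim should be re-checked against the highlight.js version in use, and a comment at the sink such as `// hljs escapes code text; DOMPurify guards the innerHTML sink against any markup the highlighter could emit` would record which layer is relied on. DOMPurify also needs a DOM at call time, which matters if this component is ever rendered server-side.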
diff --git a/src/components/explorer/CodeInspectorDock.tsx b/src/components/explorer/CodeInspectorDock.tsx
index 42102a2..fbe7584 100644
--- a/src/components/explorer/CodeInspectorDock.tsx
+++ b/src/components/explorer/CodeInspectorDock.tsx
@@ -59,7 +59,7 @@ export function CodeInspectorDock({ state, setState, filePath, owner, repo }: Co
 const startHeight = dragHeight;
 const onMouseMove = (moveEvent: MouseEvent) => {
 const deltaY = startY - moveEvent.clientY;
- setDragHeight(Math.max(200, Math.min(window.innerHeight * 0.35, startHeight + deltaY)));
+ setDragHeight(Math.max(200, Math.min(window.innerHeight * 0.9, startHeight + deltaY)));
 };
 const onMouseUp = () => {
 document.removeEventListener('mousemove', onMouseMove);
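Review bot: The new ceiling leaves `0.9` (alongside the pre-existing `200`) as an unexplained inline number in the `onMouseMove` handler, so the intent the commit message states (90% of window height) is not readable from the code; naming both at module scope keeps the two bounds together, e.g. `const MIN_DOCK_HEIGHT_PX = 200;`, `const MAX_DOCK_HEIGHT_RATIO = 0.9;` and `setDragHeight(Math.max(MIN_DOCK_HEIGHT_PX, Math.min(window.innerHeight * MAX_DOCK_HEIGHT_RATIO, startHeight + deltaY)));`. Note also that `Math.max(200, …)` wraps `Math.min`, so on a viewport shorter than roughly 222px the dock can exceed the 90% ceiling; that ordering is pre-existing, but it matters more now that the ceiling is meant to be the hard limit. `CodeInspectorDock` begins before this hunk and the `onMouseUp` handler continues after it.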