From 71d1b1bf856baba678164e3383bab62da8729a52 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
<161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Tue, 30 Jun 2026 03:31:44 +0000
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[HIGH]?=
=?UTF-8?q?=20Fix=20XSS=20vulnerability=20in=20SyntaxHighlighter?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
🚨 Severity: HIGH
💡 Vulnerability: Cross-Site Scripting (XSS) vulnerability due to unescaped highlight.js output in `dangerouslySetInnerHTML`.
🎯 Impact: Attackers could inject arbitrary JavaScript if user input is passed directly to the `SyntaxHighlighter`.
🔧 Fix: Wrapped the HTML string with `DOMPurify.sanitize(html)` to strip malicious scripts.
✅ Verification: Ran `bun run test` and `bun run lint` successfully. Verified that `DOMPurify` prevents the execution of malicious scripts.
Co-authored-by: mbayue <70324722+mbayue@users.noreply.github.com>
---
src/components/ui/SyntaxHighlighter.tsx | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/components/ui/SyntaxHighlighter.tsx b/src/components/ui/SyntaxHighlighter.tsx
index 42680e6..02afc69 100644
--- a/src/components/ui/SyntaxHighlighter.tsx
+++ b/src/components/ui/SyntaxHighlighter.tsx
@@ -1,5 +1,6 @@
import { useMemo } from 'react';
import hljs from 'highlight.js';
+import DOMPurify from 'dompurify';
import type { ReactNode } from 'react';
function languageFromPath(path: string): string {
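Review bot: DOMPurify, imported here, returns its input unchanged when no DOM is available (`DOMPurify.isSupported` is false, e.g. during server-side rendering or under a test runner without jsdom), so the `DOMPurify.sanitize(html)` wrapper the commit message describes protects nothing on that path; the hunk at line 93 that adds the call is truncated in this patch, so I cannot see whether the result is gated on it. If the component highlights via `hljs.highlight`/`highlightAuto`, highlight.js already HTML-escapes the source, making the sanitize call a second layer rather than the only one, and the call site should say so, e.g. `// hljs escapes the source; DOMPurify is defence in depth and is a no-op where DOMPurify.isSupported is false (no DOM)`. If the component can render on the server, either check `DOMPurify.isSupported` there or construct the instance with a jsdom window, and be aware that the "Verified that DOMPurify prevents the execution" claim only holds if the test environment provides a DOM. `languageFromPath` continues past the end of this hunk.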
@@ -92,7 +93,7 @@ export function HighlightedCode({
);
From f0ff3d31b3fc3ed3cb8551ae5eadd4018857c402 Mon Sep 17 00:00:00 2001
From: Bayu Erich
Date: Tue, 30 Jun 2026 20:29:53 +0700
Subject: [PATCH 2/2] fix(ui): increase inspector dock maximum drag height
Update max height limit from 35% to 90% of window height in CodeInspectorDock. Allow greater expansion for better code visibility.
---
src/components/explorer/CodeInspectorDock.tsx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/components/explorer/CodeInspectorDock.tsx b/src/components/explorer/CodeInspectorDock.tsx
index 42102a2..fbe7584 100644
--- a/src/components/explorer/CodeInspectorDock.tsx
+++ b/src/components/explorer/CodeInspectorDock.tsx
@@ -59,7 +59,7 @@ export function CodeInspectorDock({ state, setState, filePath, owner, repo }: Co
const startHeight = dragHeight;
const onMouseMove = (moveEvent: MouseEvent) => {
const deltaY = startY - moveEvent.clientY;
- setDragHeight(Math.max(200, Math.min(window.innerHeight * 0.35, startHeight + deltaY)));
+ setDragHeight(Math.max(200, Math.min(window.innerHeight * 0.9, startHeight + deltaY)));
};
const onMouseUp = () => {
document.removeEventListener('mousemove', onMouseMove);
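Review bot: The clamp on the new line keeps two unexplained literals, `200` and `0.9`, inline inside the mousemove handler; hoisting them to module-level constants records the intent the commit message states and gives the next bump a single place to edit, e.g. `const MIN_DOCK_HEIGHT_PX = 200;` and `const MAX_DOCK_HEIGHT_RATIO = 0.9;` with the clamp reading `Math.max(MIN_DOCK_HEIGHT_PX, Math.min(window.innerHeight * MAX_DOCK_HEIGHT_RATIO, startHeight + deltaY))`. Because `Math.max` is applied last, on a viewport shorter than roughly 222px the 200px floor overrides the 90% ceiling and the dock can exceed the window; that is pre-existing, but worth a one-line comment now that the ceiling is the value being tuned. The enclosing drag handler in CodeInspectorDock starts and ends outside the hunk.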