Page MenuHomeSealhub
Create Task
Maniphest T3067

Sealgen โ€” make sure all values interpolated into HTML are properly escaped
Open, NormalPublic1 Points
Actions

Description

In every place where we interpolate some value coming in from user input in Sealgen's FormControls, we should make sure that the values are properly escaped with https://www.npmjs.com/package/escape-goat in order to avoid them messing up the structure of the HTML.

Details

Coded by
jenkins-user
Reviewed by
kuba-orlik
Action required from
kuba-orlik

Revisions and Commits

Restricted Differential Revision

Event Timeline

kuba-orlik created this task.Oct 13 2025, 17:00
Herald added a project: Kanban. ยท View Herald TranscriptOct 13 2025, 17:00
kuba-orlik moved this task from Freezer (don't take those tasks just yet) to To do on the Kanban board.Oct 13 2025, 17:00
JayNecessary claimed this task.Mon, Nov 3, 13:27
JayNecessary subscribed.
JayNecessary added a comment.Mon, Nov 3, 20:50

I made all the changes and i think i got them all so there should be no HTML injections on users end:) but whenever i make a arc diff origin/master and save changes my laptop freezes up and wont make a diff. I will try to fix that in the morning.

kuba-orlik added a comment.Mon, Nov 3, 20:56

Does it perhaps work if you add --nolint to the arc diff command? ๐Ÿค”

JayNecessary added a comment.Mon, Nov 3, 21:03

i Don't know why i didn't think of it in the first place. I think my brain is bit fried:) Thank you so much

kuba-orlik added a comment.Tue, Nov 4, 19:44

No worries โ€” it *should* work without that flag, but good to know you managed to make it running. Did you submit the diff successfully? If so, it wasn't attached to the task

JayNecessary added a comment.Wed, Nov 5, 06:09

Yes i did i will check and send it again

JayNecessary added a comment.Wed, Nov 5, 10:24

Ok looks like i messed up something in branches and now im lost how to get back to the point where i finished working on T3067 and send the diff when i finish (i started working on T2679 linting issues). I will have to restart the whole process and start working on 3067 from the start(html escape) then i will send diff again and move to the next task.

JayNecessary added a revision: Restricted Differential Revision.Thu, Nov 6, 11:47
jenkins-user removed JayNecessary as the assignee of this task.Thu, Nov 6, 11:47
jenkins-user moved this task from To do to Review on the Kanban board.
jenkins-user updated Action required from, added: FilipI.
jenkins-user claimed this task.Sun, Nov 9, 13:02
jenkins-user moved this task from Review to Doing on the Kanban board.
jenkins-user updated Reviewed by, added: kuba-orlik.
jenkins-user updated Coded by, added: jenkins-user.
jenkins-user updated Action required from, added: jenkins-user; removed: FilipI.
jenkins-user reassigned this task from jenkins-user to kuba-orlik.Tue, Nov 11, 16:12
jenkins-user moved this task from Doing to Review on the Kanban board.
jenkins-user updated Action required from, added: kuba-orlik; removed: jenkins-user.
jenkins-user subscribed.