@cyclotruc
Member

No description provided.

function setAIButtonLoadingState(submitButton, isLoading) {
    if (!isLoading) {
        submitButton.disabled = false;
        submitButton.innerHTML = submitButton.getAttribute('data-original-content') || 'Ingest';

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML (Medium)

DOM text is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI 4 months ago

To fix the problem, we need to ensure that any text assigned to submitButton.innerHTML is properly escaped so that it cannot be interpreted as HTML. The best way to do this is to use textContent instead of innerHTML when restoring the button's original content, as textContent will treat the value as plain text and not parse it as HTML. However, since the loading state uses HTML (a spinner SVG and markup), we need to use innerHTML only for the loading state, and use textContent for restoring the original button label.

Specifically, in the setAIButtonLoadingState function:

  • When restoring the button to its original state (isLoading === false), set submitButton.textContent to the value of data-original-content (or 'Ingest').
  • When entering the loading state, continue to use innerHTML for the spinner markup.

This change should be made in the region around line 102 in src/static/js/utils_ai.js.

Suggested changeset 1
src/static/js/utils_ai.js

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/static/js/utils_ai.js b/src/static/js/utils_ai.js
--- a/src/static/js/utils_ai.js
+++ b/src/static/js/utils_ai.js
@@ -101,3 +101,3 @@
         submitButton.disabled = false;
-        submitButton.innerHTML = submitButton.getAttribute('data-original-content') || 'Ingest';
+        submitButton.textContent = submitButton.getAttribute('data-original-content') || 'Ingest';
         submitButton.classList.remove('bg-[#ffb14d]', 'opacity-75', 'cursor-not-allowed');
EOF
@@ -101,3 +101,3 @@
submitButton.disabled = false;
submitButton.innerHTML = submitButton.getAttribute('data-original-content') || 'Ingest';
submitButton.textContent = submitButton.getAttribute('data-original-content') || 'Ingest';
submitButton.classList.remove('bg-[#ffb14d]', 'opacity-75', 'cursor-not-allowed');
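Review bot: On the added `submitButton.textContent = ...` line, any markup held in data-original-content will now be displayed as literal text. The code that fills that attribute is not in this hunk, so check whether it stores the button's innerHTML (an icon plus a label, for example) when loading starts. If it does, store the button's textContent there instead, or keep the original child nodes and put them back with replaceChildren, so the restore path neither re-parses HTML nor prints raw tags.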
Copilot is powered by AI and may make mistakes. Always verify output.
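An added example, not code from this pull request or the project: it goes one step beyond the Autofix by keeping the button's original child nodes instead of a serialized string, so restoring never re-parses DOM text as HTML and any icon markup survives. `setButtonLoading`, `makeSpinner` and `FakeButton` are hypothetical names; `FakeButton` is a constructed stand-in so the flow runs outside a browser.

```javascript
// Added example, not the project's code. Restores a button without ever
// re-parsing DOM-derived text as HTML, and without losing icon markup.
const savedChildren = new WeakMap(); // button -> original child nodes

// makeSpinner is a hypothetical callback that returns the spinner node.
function setButtonLoading(button, isLoading, makeSpinner) {
  if (isLoading) {
    // Keep the live nodes themselves: nothing is serialized, so nothing is re-parsed.
    if (!savedChildren.has(button)) {
      savedChildren.set(button, Array.from(button.childNodes));
    }
    button.disabled = true;
    button.replaceChildren(makeSpinner());
    return;
  }
  button.disabled = false;
  const original = savedChildren.get(button);
  if (original) {
    button.replaceChildren(...original);
    savedChildren.delete(button);
  } else {
    // No saved nodes: fall back to the attribute, as plain text only.
    button.textContent = button.getAttribute('data-original-content') || 'Ingest';
  }
}

// Constructed stand-in for a <button> element (assumption, for offline runs).
class FakeButton {
  constructor(children, attrs = {}) {
    this.childNodes = children; this.attrs = attrs; this.disabled = false;
  }
  getAttribute(name) { return name in this.attrs ? this.attrs[name] : null; }
  replaceChildren(...nodes) { this.childNodes = nodes; }
  set textContent(text) { this.childNodes = [{ text }]; }
}

function demo() {
  const icon = { tag: 'svg' }, label = { text: 'Ingest' };
  const button = new FakeButton([icon, label]);
  setButtonLoading(button, true, () => ({ tag: 'spinner' }));
  const whileLoading = button.childNodes.map((n) => n.tag || n.text);
  setButtonLoading(button, false);
  const restoredSame = button.childNodes[0] === icon && button.childNodes[1] === label;
  // Nothing saved: the attribute value becomes a single text node, tags and all.
  const plain = new FakeButton([], { 'data-original-content': '<b>Ingest</b>' });
  setButtonLoading(plain, false);
  return { whileLoading, restoredSame, fallback: plain.childNodes };
}
```

In a browser, `makeSpinner` would build the spinner with `document.createElement` (or `createElementNS` for SVG) rather than assigning an HTML string.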
@github-actions

github-actions bot commented Aug 5, 2025

This pull request has merge conflicts that must be resolved before it can be merged.

@github-actions

github-actions bot commented Aug 5, 2025

This pull request has resolved merge conflicts and is ready for review.

@github-actions

This pull request has merge conflicts that must be resolved before it can be merged.

@github-actions

Hi there! We haven’t seen activity on this pull request for 45 days, so I’m marking it as stale.
If you’d like to keep it open, please leave a comment within 10 days. Thanks!

github-actions bot added the stale label Sep 26, 2025
@github-actions

github-actions bot commented Oct 6, 2025

Hi there! We haven’t heard anything for 10 days, so I’m closing this pull request. Feel free to reopen if you’d like to continue working on it. Thanks!

github-actions bot closed this Oct 6, 2025