Escape HTML tags in error messages on Source Data Information screen #889
Conversation
|
Thanks for catching this and pushing a fix!
Please give it a try and let us know (preferably with screenshot of new error to match expectation), since I don't have a version of the data with invalid The developer installation instructions can be found here: https://nwb-guide.readthedocs.io/en/stable/developer_guide.html#installation |
|
I'm not sure when I can get around to setting it up, but here's a minimal example: guide-error-example.zip It's not valid data, but it gets far enough to trigger this bug. |
|
Thanks @dhmjhu for the PR and minimal example! I was able to demonstrate the fix: 
|
|
@rly Looks like you should generate and set a new token for chromatic |
|
Ah, I reset the Chromatic project token and it still failed. Then I realized this is a security feature of GitHub Actions -- PRs from forks do not have access to this repo's secrets. So Chromatic cannot run (unless we add the token to the fork). There are workarounds that have some risk. How do you think we should proceed @CodyCBakerPhD ? |
|
I would propose merging this to a copy of current main ( I've adjusted the target of this PR |
|
Good idea. Let's do that. |
Summary
On the Source Data Information screen, not all parts of error messages returned by the server are properly escaped.
Example
Trying to select a Kilosort directory with an invalid
params.pyresulted in the following message:The actual response from the server was:
{"message": "invalid syntax (<string>, line 3)", "type": "SyntaxError"}Cause
While angle brackets in
textare converted to HTML entities,typeis left alone.nwb-guide/src/electron/frontend/core/components/pages/guided-mode/data/GuidedSourceData.js
Lines 123 to 130 in 29599c1
Fix
Performing the same replacements on
typeshould resolve this.I have not tested this change, as I don't have an appropriate environment set up right now.