-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Client web/7416 disable image pasting when hide image options flag is true #7428
Client web/7416 disable image pasting when hide image options flag is true #7428
Conversation
WalkthroughThe pull request introduces two distinct changes: first, in the Changes
Possibly related PRs
Suggested labels
Suggested reviewers
📜 Recent review detailsConfiguration used: .coderabbit.yaml 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
⏰ Context from checks skipped due to timeout of 90000ms (1)
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🔭 Outside diff range comments (1)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)
Line range hint
148-187
: Add file validation for uploaded imagesConsider adding validation for:
- File size limits
- Allowed image formats
- Image dimensions
Example implementation:
const validateImageFile = (file: File) => { const MAX_SIZE = 5 * 1024 * 1024; // 5MB const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif']; if (file.size > MAX_SIZE) { notify(t('components.file-upload.file-too-large'), 'error'); return false; } if (!ALLOWED_TYPES.includes(file.type)) { notify(t('components.file-upload.invalid-file-type'), 'error'); return false; } return true; };Then use it before uploading:
if (file) { + if (!validateImageFile(file)) { + return; + } const reader = new FileReader();
🧹 Nitpick comments (1)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)
121-146
: Consider using a more robust HTML parsing approachWhile the current implementation works, using
string.includes('<img')
for HTML parsing could lead to false positives. Consider using a proper HTML parser or a more specific regex pattern.Example improvement:
- if (htmlContent.includes('<img')) { + const imgTagPattern = /<img[^>]*>/i; + if (imgTagPattern.test(htmlContent)) {
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx
(2 hunks)src/domain/community/contributor/organization/OrganizationVerifiedStatus.tsx
(1 hunks)
✅ Files skipped from review due to trivial changes (1)
- src/domain/community/contributor/organization/OrganizationVerifiedStatus.tsx
🧰 Additional context used
📓 Path-based instructions (1)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)
Pattern src/**/*.{ts,tsx,js}
: Review the React.js/TypeScript/JavaScript code for best practices and potential bugs.
Ensure that the code adheres to TypeScript's typing system and modern standards.
Use the following code guide documentation in the codebase: 'docs/code-guidelines.md'.
Ensure sufficient error handling and logging is present, but note:
- We have a global error handler in place. So local
try/catch
blocks are not required unless they provide value beyond what the global error handler already covers. - Avoid flagging the absence of local error handling in cases where the global error handler suffices.
- Avoid flagging the absence of logging in cases where the global logger is already in place (graphql usage).
Inform about the recommendation of not using non-null assertion,
except on GraphQL queries where the variable is asserted non-null and followed by a
skip:
with the same variable.
Examples:
- Not Required: there's a skip
{
variables: { templateId: templateId! },
skip: !templateId,
}
Check for common security vulnerabilities such as:
- SQL Injection
- XSS (Cross-Site Scripting)
- CSRF (Cross-Site Request Forgery)
- Insecure dependencies
- Sensitive data exposure
🔇 Additional comments (1)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)
191-203
: Review the handling of multiple images in clipboard dataThe current implementation stops processing after the first image is found. This might lead to missing additional images in the clipboard data when
hideImageOptions
is false.Consider whether this is the intended behavior. If not, you might want to:
- Process all images when
hideImageOptions
is false- Add a comment explaining why only the first image is processed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Nitpick comments (3)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (3)
128-128
: Consider adding user feedback for storage configuration issuesWhen storage is not configured, silently falling back to default paste behavior might confuse users trying to paste images. Consider notifying users when image paste fails due to missing storage configuration.
if (!storageBucketId) { + notify(t('components.markdown-input.storage-not-configured'), 'warning'); return false; }
131-143
: Consider enhancing HTML image detectionThe current HTML image detection using
includes('<img')
might have false positives. Consider using a more robust approach like DOM parsing or regex.if (item.kind === 'string' && item.type === 'text/html') { const htmlContent = clipboardData.getData('text/html'); - return htmlContent.includes('<img'); // HTML tag with image + // Use regex to match proper img tags + return /<img[\s\S]*?src=["']?(?:[^"'>]+)["']?[^>]*>/i.test(htmlContent); }
145-155
: Add user feedback when image paste is blockedWhen
hideImageOptions
is true and an image paste is blocked, users should be notified why their paste action failed.if (isImageOrHtmlWithImage(item)) { event.preventDefault(); + notify(t('components.markdown-input.image-paste-disabled'), 'info'); return true; // Block paste of images or HTML with images }
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx
(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)
Pattern src/**/*.{ts,tsx,js}
: Review the React.js/TypeScript/JavaScript code for best practices and potential bugs.
Ensure that the code adheres to TypeScript's typing system and modern standards.
Use the following code guide documentation in the codebase: 'docs/code-guidelines.md'.
Ensure sufficient error handling and logging is present, but note:
- We have a global error handler in place. So local
try/catch
blocks are not required unless they provide value beyond what the global error handler already covers. - Avoid flagging the absence of local error handling in cases where the global error handler suffices.
- Avoid flagging the absence of logging in cases where the global logger is already in place (graphql usage).
Inform about the recommendation of not using non-null assertion,
except on GraphQL queries where the variable is asserted non-null and followed by a
skip:
with the same variable.
Examples:
- Not Required: there's a skip
{
variables: { templateId: templateId! },
skip: !templateId,
}
Check for common security vulnerabilities such as:
- SQL Injection
- XSS (Cross-Site Scripting)
- CSRF (Cross-Site Request Forgery)
- Insecure dependencies
- Sensitive data exposure
⏰ Context from checks skipped due to timeout of 90000ms (1)
- GitHub Check: Travis CI - Pull Request
🔇 Additional comments (1)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)
122-122
: LGTM: Appropriate fallback for missing clipboard dataThe return value of
false
correctly allows default paste behavior when clipboard data is unavailable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@reactoholic I still think you're doing two redundant for-of loops. Also doubling the check for image/.
It's good that you defined a method for checking and I'd suggest:
- extract the function outside of the EditorOptions;
- instead of extracting the check, extract the onImagePaste logic, and place the check for hideImageOptions, in a single loop.
…n-hideImageOptions-flag-is-true
…n-hideImageOptions-flag-is-true
Narrowed down to one loop and pushed :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Nitpick comments (1)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)
131-142
: Consider using DOM parser for more robust HTML image detection.The current HTML image detection using string includes might be fragile. Consider using DOMParser for more reliable detection:
if (item.kind === 'string' && item.type === 'text/html') { const htmlContent = clipboardData.getData('text/html'); - return htmlContent.includes('<img'); // HTML tag with image + const parser = new DOMParser(); + const doc = parser.parseFromString(htmlContent, 'text/html'); + return doc.getElementsByTagName('img').length > 0; }
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx
(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)
Pattern src/**/*.{ts,tsx,js}
: Review the React.js/TypeScript/JavaScript code for best practices and potential bugs.
Ensure that the code adheres to TypeScript's typing system and modern standards.
Use the following code guide documentation in the codebase: 'docs/code-guidelines.md'.
Ensure sufficient error handling and logging is present, but note:
- We have a global error handler in place. So local
try/catch
blocks are not required unless they provide value beyond what the global error handler already covers. - Avoid flagging the absence of local error handling in cases where the global error handler suffices.
- Avoid flagging the absence of logging in cases where the global logger is already in place (graphql usage).
Inform about the recommendation of not using non-null assertion,
except on GraphQL queries where the variable is asserted non-null and followed by a
skip:
with the same variable.
Examples:
- Not Required: there's a skip
{
variables: { templateId: templateId! },
skip: !templateId,
}
Check for common security vulnerabilities such as:
- SQL Injection
- XSS (Cross-Site Scripting)
- CSRF (Cross-Site Request Forgery)
- Insecure dependencies
- Sensitive data exposure
⏰ Context from checks skipped due to timeout of 90000ms (1)
- GitHub Check: Travis CI - Pull Request
🔇 Additional comments (4)
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (4)
122-128
: LGTM! Early validation checks are well-placed.The early return conditions properly validate the clipboard data and storage bucket availability before proceeding with paste handling.
147-150
: LGTM! Successfully implements the image blocking requirement.The code correctly prevents image pasting when
hideImageOptions
is true, handling both direct images and HTML with embedded images.
157-172
: Improve FileReader resource handling and error cases.The FileReader implementation should include proper cleanup and error handling.
This is a duplicate of a previous review comment. The same concerns about resource cleanup and error handling in the FileReader implementation remain valid.
178-189
: LGTM! Efficient loop handling with clear comments.The break statement and return value handling are well-implemented, preventing unnecessary iterations and clearly indicating the paste event handling status.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Image pasting is disabled if hideImageOptins is true ✅
Documentation of the paste handle + optimal loop/check logic in place ✅
…n-hideImageOptions-flag-is-true
Commit # fb90270 - one line fixer for
Verified
sign for organizationsCommit # 6711095 - prevent image pasting if
hideImageOptions
flag istrue
Summary by CodeRabbit
New Features
Style
BlockTitle
component styling in the organization verified status view.