Skip to content

Sanitize UI, improve edit persistence, and refine API handling#9

Merged
shmukit merged 3 commits into
fix/kit-mixin-type-stubsfrom
main
Jun 8, 2026
Merged

Sanitize UI, improve edit persistence, and refine API handling#9
shmukit merged 3 commits into
fix/kit-mixin-type-stubsfrom
main

Conversation

@shmukit

@shmukit shmukit commented Jun 8, 2026

Copy link
Copy Markdown
Owner

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.

  • Unit Tests
  • Integration Tests
  • Manual UI Verification

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

shmukit and others added 3 commits May 4, 2026 12:27
Add input/output sanitization and escaping across draft and review UIs, improve status class handling, and make edit persistence more robust.

Changes include:
- Backend: refine_explanation now returns a merged refined_question with detailed_explanation and model/timestamp metadata.
- UI: store pipeline config on load for DraftController use.
- Add escapeHtml and sanitizeRenderedHtml helpers to prevent XSS and strip dangerous attributes/tags from rendered HTML/Markdown.
- Escape IDs, filenames, status messages and other user-provided strings when injecting HTML to DOM.
- Normalize status-based class names via statusClassName to avoid invalid CSS classes.
- DraftController: derive paperCode from filename, use pipelineConfig default subject, and ensure safe IDs in generated cards and action buttons.
- ReviewController: escape editable fields when rendering, sanitize Markdown output before inserting into DOM, and sanitize preview content.
- saveCurrentEdits: changed to support force saves, guard against missing draft data, and only save when needed.
- Publish/refine flows now await saves; acceptAll/rejectCurrentQuestion made async and properly await publish/save operations. refineQuestion handling updated to accept either a full refined_question or fallback to updating generated_content.detailed_explanation.

These changes aim to harden the UI against XSS, ensure consistent class names, and make the save/publish/refine flows more reliable.
Sanitize UI & escaping; persist edits; API tweak
@shmukit
shmukit merged commit 18a1f27 into fix/kit-mixin-type-stubs Jun 8, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants