wip #487

Draft
wants to merge 9 commits into
base: main
cyclotruc
Member

No description provided.

function setAIButtonLoadingState(submitButton, isLoading) {
    if (!isLoading) {
        submitButton.disabled = false;
        submitButton.innerHTML = submitButton.getAttribute('data-original-content') || 'Ingest';

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML (Medium)

DOM text is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI 10 days ago

To fix the problem, we need to ensure that any text assigned to submitButton.innerHTML is properly escaped so that it cannot be interpreted as HTML. The best way to do this is to use textContent instead of innerHTML when restoring the button's original content, as textContent will treat the value as plain text and not parse it as HTML. However, since the loading state uses HTML (a spinner SVG and markup), we need to use innerHTML only for the loading state, and use textContent for restoring the original button label.

Specifically, in the setAIButtonLoadingState function:

  • When restoring the button to its original state (isLoading === false), set submitButton.textContent to the value of data-original-content (or 'Ingest').
  • When entering the loading state, continue to use innerHTML for the spinner markup.

This change should be made in the region around line 102 in src/static/js/utils_ai.js.

Suggested changeset 1
src/static/js/utils_ai.js

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/static/js/utils_ai.js b/src/static/js/utils_ai.js
--- a/src/static/js/utils_ai.js
+++ b/src/static/js/utils_ai.js
@@ -101,3 +101,3 @@
         submitButton.disabled = false;
-        submitButton.innerHTML = submitButton.getAttribute('data-original-content') || 'Ingest';
+        submitButton.textContent = submitButton.getAttribute('data-original-content') || 'Ingest';
         submitButton.classList.remove('bg-[#ffb14d]', 'opacity-75', 'cursor-not-allowed');
EOF
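Review bot: On the `+` line, `textContent` closes the HTML sink, but it also renders whatever is stored in `data-original-content` as literal text, so if that attribute was filled from the button's markup (an icon or a nested span) the restored button will display raw tags. Check where the attribute is written and store a plain-text label there, or keep the original child nodes and re-attach them, so that save and restore agree. The hard-coded `'Ingest'` fallback on the same line would also be easier to keep in sync as a named constant.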
Copilot is powered by AI and may make mistakes. Always verify output.
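
An alternative to the string round-trip discussed above, as an added example that is not code from this pull request or the project: the button's original child nodes are kept in a `WeakMap` and re-attached, so nothing is read from a `data-*` attribute or parsed as HTML on restore. `setButtonLoading`, `savedChildren` and the `spinnerNode` parameter are hypothetical names, and the caller is assumed to build the spinner as a DOM node.

```javascript
// Added example; names are hypothetical, not the project's API.
// Original child nodes per button. A WeakMap keeps them out of the DOM
// (no attribute for other scripts to rewrite) and lets them be collected
// once the button itself is gone.
const savedChildren = new WeakMap();

function setButtonLoading(button, isLoading, spinnerNode, fallbackLabel = 'Ingest') {
    if (isLoading) {
        // Save only once, so a repeated call does not store the spinner itself.
        if (!savedChildren.has(button)) {
            savedChildren.set(button, Array.from(button.childNodes));
        }
        button.disabled = true;
        button.replaceChildren(spinnerNode);
        return;
    }

    button.disabled = false;
    const nodes = savedChildren.get(button);
    if (nodes) {
        // Re-attach the original nodes; no string is parsed as HTML.
        button.replaceChildren(...nodes);
        savedChildren.delete(button);
    } else {
        // Nothing was saved: plain-text fallback, as in the suggested patch.
        button.textContent = fallbackLabel;
    }
}
```

Because the nodes are moved rather than serialized, an icon or nested element in the original button survives the restore, which a plain `textContent` assignment would flatten to text.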

github-actions bot commented Aug 5, 2025

This pull request has merge conflicts that must be resolved before it can be merged.

github-actions bot commented Aug 5, 2025

This pull request has resolved merge conflicts and is ready for review.

This pull request has merge conflicts that must be resolved before it can be merged.

2 participants