ifpen
Add security validation for select widgets with mismatched keys and values arrays
This PR adds validation to select widgets to prevent data loss when keys and values arrays have different lengths.
Problem
Previously, select widgets would silently lose data when keys and values arrays had different lengths. The render function used Math.min(keys.length, values.length) to determine the number of options, causing:
- Missing options when keys array was longer than values array
- Missing values when values array was longer than keys array
For example:
// Keys: ["Red", "Green", "Blue", "Yellow"]
// Values: ["#FF0000", "#00FF00"]
// Result: Only 2 options created, "Blue" and "Yellow" are lost
Solution
Added custom validator functions to the WidgetActuatorDescription constructors that:
- Check if both keys and values arrays exist and have elements
- Validate that they have the same length when both are present
- Return descriptive error messages for length mismatches
- Pass validation when arrays match or when only one array is provided
Changes
- Added
WidgetActuatorValidationErrorimport - Created
validateKeysValuesConsistency()function - Applied validation to all relevant actuator descriptors:
-
_KEYS_DESCRIPTOR -
_VALUES_STRING_DESCRIPTOR -
_VALUES_NUMBER_DESCRIPTOR -
_VALUES_BOOLEAN_DESCRIPTOR
-
Validation Demo
The validation correctly handles all scenarios:
- Valid configurations with matching array lengths pass
- Invalid configurations with length mismatches fail with clear error messages like "Keys array length (4) must match values array length (2)"
- Edge cases like empty arrays or single-array configurations pass appropriately
Users now get immediate feedback about array inconsistencies instead of silent data loss, improving the security and reliability of select widgets.
Fixes #65.
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.
