
SVG Feedback Security and Quality Improvements

Open mentatbot[bot] opened this issue 10 months ago • 12 comments

This PR implements several important security and quality improvements to the SVG feedback system:

  1. Security Improvements:
  • Added SVG content sanitization to prevent XSS attacks
  • Removes dangerous elements (script, foreignObject, use)
  • Removes dangerous attributes (event handlers)
  • Sanitizes href/xlink:href attributes
  2. Retry Mechanism Enhancement:
  • Fixed seed increment during retries
  • Ensures different results on retry attempts
  3. Error Handling Improvements:
  • Separated SVG validation checks
  • Added specific error messages
  • Added SVG parsing validation
  • Better error reporting in UI
  4. Code Quality:
  • Added comprehensive JSDoc comments
  • Improved code organization
  • Better error handling patterns

These changes address the security vulnerability identified in the previous PR and improve the overall reliability and maintainability of the code.


Precommit Logs: 395f35b ✅ 1fe13a8 ✅

🤖 See my steps and track the cost of the PR here

#152

mentatbot[bot] avatar Jan 17 '25 18:01 mentatbot[bot]
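The element and attribute rules listed in the PR description, together with the separate parse validation, as an added Python example that is not the project's code (the svg-feedback app itself is JavaScript; Python's standard-library XML parser is used here so the allow-list logic can be run and tested offline). The href policy of keeping only same-document fragments, relative paths and http(s) URLs is an assumption, since the PR does not state one; the sample SVG is constructed.

```python
# Added example (not the project's code): allow-list SVG sanitizer that applies
# the PR's rules: drop script/foreignObject/use, drop on* handlers, check hrefs.
import re
import xml.etree.ElementTree as ET

SVG_NS, XLINK_NS = "http://www.w3.org/2000/svg", "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # serialize <svg> without an ns0: prefix
ET.register_namespace("xlink", XLINK_NS)

FORBIDDEN_ELEMENTS = {"script", "foreignobject", "use"}  # compared lower-cased
SAFE_SCHEMES = {"http", "https"}         # assumed policy; the PR does not state one
_CTRL = re.compile(r"[\x00-\x20\x7f]")   # browsers ignore these inside URLs ("java\tscript:")

# Constructed sample: every hazard the PR lists, plus content that must survive.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>alert(1)</script><a xlink:href="javascript:alert(1)"><circle r="5"/></a>
  <a href="#target"><rect width="1" height="1"/></a><use href="data:image/svg+xml,..."/>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml">x</body></foreignObject>
</svg>"""

def _local(qname: str) -> str:           # '{namespace}name' -> 'name', lower-cased
    return qname.rsplit("}", 1)[-1].lower()

def href_is_safe(value: str) -> bool:
    """Allow same-document fragments, relative paths and http(s) URLs only."""
    cleaned = _CTRL.sub("", value)       # strip controls/whitespace before scheme check
    if cleaned.startswith("#"):
        return True
    scheme, sep, _rest = cleaned.partition(":")
    return not sep or scheme.lower() in SAFE_SCHEMES

def sanitize_svg(svg_text: str) -> str:
    """Validate and sanitize an SVG string; ValueError if it is not well-formed SVG."""
    try:
        root = ET.fromstring(svg_text)   # production code: parse with defusedxml instead
    except ET.ParseError as exc:
        raise ValueError(f"SVG parse error: {exc}") from exc
    if _local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    parents = {c: p for p in root.iter() for c in p}  # ET has no parent pointers
    for el in list(root.iter()):
        if _local(el.tag) in FORBIDDEN_ELEMENTS:
            parents[el].remove(el)       # drops the whole subtree
            continue
        for attr in list(el.attrib):     # 'onload', 'href', '{xlink}href', ...
            name = _local(attr)
            if name.startswith("on") or (name == "href" and not href_is_safe(el.attrib[attr])):
                del el.attrib[attr]
    return ET.tostring(root, encoding="unicode")
```

Running `sanitize_svg(SAMPLE_SVG)` leaves only the `<a href="#target">`, `<circle>` and `<rect>` content; the two malformed-input paths surface as ValueError so the UI can report a specific message rather than a generic failure.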

🚀 PR Preview deployed!

Preview URL: https://pollinations.github.io/hive/pr-153/

github-actions[bot] avatar Jan 17 '25 18:01 github-actions[bot]

Hi @github-actions[bot]! You need to be added as a user to interact with me. Please ask @voodoohop to add you on the settings page.

mentatbot[bot] avatar Jan 17 '25 18:01 mentatbot[bot]

Testing .mentat

Testing ai-chat

Testing static HTML app: ai-chat

Testing graphics-editor

Testing static HTML app: graphics-editor

Testing llm-feedback

Testing static HTML app: llm-feedback

Testing millionaire-game

Testing static HTML app: millionaire-game

Testing placeholder-generator

Testing Node.js app: placeholder-generator

Installing dependencies



added 273 packages, and audited 274 packages in 7s

108 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/object-schema instead
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/config-array instead
npm warn deprecated [email protected]: This version is no longer supported. Please see https://eslint.org/version-support for other options.

ℹ️ No tests found

Building



> [email protected] build
> vite build

vite v5.4.11 building for production...
transforming...
✓ 32 modules transformed.
rendering chunks...
computing gzip size...
dist/index.html                   0.45 kB │ gzip:  0.28 kB
dist/assets/index-Xy5EDiQ3.css    1.25 kB │ gzip:  0.61 kB
dist/assets/index-BAcusHwb.js   144.97 kB │ gzip: 46.73 kB
✓ built in 781ms


Testing pollinations-image-show

Testing Node.js app: pollinations-image-show

Installing dependencies



added 314 packages, and audited 315 packages in 11s

118 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities


ℹ️ No tests found

Building



> [email protected] build
> vite build

vite v6.0.7 building for production...
transforming...
✓ 969 modules transformed.
rendering chunks...
computing gzip size...
dist/index.html                   0.46 kB │ gzip:   0.29 kB
dist/assets/index-Ck1XBn8h.css    0.56 kB │ gzip:   0.32 kB
dist/assets/index-COrGKCAO.js   311.91 kB │ gzip: 104.05 kB
✓ built in 2.61s


Testing prompt-guessing-game

Testing Node.js app: prompt-guessing-game

Installing dependencies



added 61 packages, and audited 62 packages in 2s

7 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities


ℹ️ No tests found

Building



> [email protected] build
> vite build

vite v5.4.11 building for production...
transforming...
✓ 33 modules transformed.
rendering chunks...
computing gzip size...
dist/index.html                   0.46 kB │ gzip:  0.29 kB
dist/assets/index-Dcj2S7H_.css    1.71 kB │ gzip:  0.76 kB
dist/assets/index-DycsOj9-.js   146.36 kB │ gzip: 47.33 kB
✓ built in 796ms


Testing svg-feedback

Testing static HTML app: svg-feedback

❌ HTML tests failed for svg-feedback

Testing tarot-reader

Testing Node.js app: tarot-reader

Installing dependencies



added 324 packages, and audited 325 packages in 3s

155 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities


ℹ️ No tests found

Building



> [email protected] build
> vite build

vite v6.0.7 building for production...
transforming...
✓ 34 modules transformed.
rendering chunks...
computing gzip size...
dist/index.html                   0.56 kB │ gzip:  0.33 kB
dist/assets/index-tTF554dA.css    2.48 kB │ gzip:  1.03 kB
dist/assets/index-BxXiSpNq.js   149.43 kB │ gzip: 48.71 kB
✓ built in 866ms


github-actions[bot] avatar Jan 17 '25 18:01 github-actions[bot]

Hi @github-actions[bot]! You need to be added as a user to interact with me. Please ask @voodoohop to add you on the settings page.

mentatbot[bot] avatar Jan 17 '25 18:01 mentatbot[bot]

🚀 PR Preview deployed!

Preview URL: https://pollinations.github.io/hive/pr-153/

github-actions[bot] avatar Jan 17 '25 18:01 github-actions[bot]

Hi @github-actions[bot]! You need to be added as a user to interact with me. Please ask @voodoohop to add you on the settings page.

mentatbot[bot] avatar Jan 17 '25 18:01 mentatbot[bot]

TestGru: The source file has been modified. Please add a comment @gru-agent under the changed file to notify the TestGru to rewrite the test code.

gru-agent[bot] avatar Jan 17 '25 18:01 gru-agent[bot]

Hi @gru-agent[bot]! You need to be added as a user to interact with me. Please ask @voodoohop to add you on the settings page.

mentatbot[bot] avatar Jan 17 '25 18:01 mentatbot[bot]

🚀 PR Preview deployed!

Preview URL: https://pollinations.github.io/hive/pr-153/

github-actions[bot] avatar Jan 17 '25 18:01 github-actions[bot]

🚀 PR Preview deployed!

Preview URL: https://pollinations.github.io/hive/pr-153/

github-actions[bot] avatar Jan 17 '25 18:01 github-actions[bot]

Hi @github-actions[bot]! You need to be added as a user to interact with me. Please ask @voodoohop to add you on the settings page.

mentatbot[bot] avatar Jan 17 '25 18:01 mentatbot[bot]

Hi @github-actions[bot]! You need to be added as a user to interact with me. Please ask @voodoohop to add you on the settings page.

mentatbot[bot] avatar Jan 17 '25 18:01 mentatbot[bot]