[hive/app] replace ' and " for old/new description #5047
|
oldDescription: z.union([z.string(), z.null()]), | ||
newDescription: z.union([z.string(), z.null()]), | ||
oldDescription: z.union([z.string().transform(replaceQuotes), z.null()]), | ||
newDescription: z.union([z.string().transform(replaceQuotes), z.null()]), |
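Review bot: Putting `.transform(replaceQuotes)` on `oldDescription` and `newDescription` rewrites the value when the model is parsed, so every consumer of the parsed object receives the altered string, not only the renderer that needs it. Consider leaving these two fields as `z.union([z.string(), z.null()])` and handling quotes where the message is displayed. If the transform stays, add a comment explaining why only these two description fields get it.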
I only transform old and new descriptions, I think we don't need to transform other descriptions, like
addedInputFieldDescription: z.string(), |
How does this affect the output of the CLI, Slack, and GitHub actions? We also use this information from there, not only from the web client.
|
||
export function labelize(message: string): ReactNode[] { | ||
// Replace '...' with <Label>...</Label> | ||
return reactStringReplace(message, /'([^']+)'/gim, (match, i) => ( |
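Review bot: On the `reactStringReplace` line, the `i` and `m` flags in `/'([^']+)'/gim` have no effect, because the pattern contains no letters and no `^` or `$` anchors; `/'([^']+)'/g` is equivalent and easier to read. The pattern also treats every apostrophe in `message` as a delimiter, so the comment above it should state that quotes inside values are expected to be encoded before the message reaches `labelize`.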
I previously removed message.replace(/"/g, "'")
I think we don't need to replace "
export function labelize(message: string): ReactNode[] { | ||
// Replace '...' with <Label>...</Label> | ||
return reactStringReplace(message, /'([^']+)'/gim, (match, i) => ( | ||
<Label key={i} dangerouslySetInnerHTML={{ __html: match }} /> |
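Review bot: On the `<Label key={i} dangerouslySetInnerHTML={{ __html: match }} />` line, `match` is text captured from `message` and is handed to the DOM as raw HTML, so any markup present in the message is parsed instead of displayed. Render it as a text child, `<Label key={i}>{match}</Label>`, and decode only the specific quote entities this PR introduces before passing the string in.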
I think it's better to use dangerouslySetInnerHTML instead of .replaceAll(''', "'").replaceAll('"', '"')
My concern is that using dangerouslySetInnerHTML will inject things we do not expect.
Let's say someone is using some HTML or malicious syntax in the schema description, it might be injected all the way to the frontend?
you are right, I totally forgot about this case, I will push a fix
update: pushed a fix
📚 Storybook Deployment: The latest changes are available as preview in: https://f45a3fad.hive-storybook.pages.dev
🐋 This PR was built and pushed to Docker images.
@@ -197,15 +197,19 @@ export function implement<Model = never>() { | |||
}; | |||
} | |||
|
|||
function replaceQuotes(value: string): string { | |||
return value.replaceAll("'", ''').replaceAll('"', '"'); |
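Review bot: `replaceQuotes` handles only `'` and `"`, so `&`, `<` and `>` pass through unchanged and the function must not be treated as an HTML escaper. Add a comment above it stating that its purpose is to keep quotes in descriptions from colliding with the `'...'` delimiters, and encode `&` before the quotes so a description that already contains entity-like text can be decoded back without ambiguity.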
Good catch. Do we have more things that need to be escaped? 🤔
@kamilkisiela @n1ru4l @TuvalSimha
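The concern raised in this thread (markup in a schema description reaching the frontend) and the question of what else needs escaping, worked through as an added TypeScript example that is not code from this PR or the project. The entity spellings `&#39;` and `&quot;` are assumed because the page's extraction lost the originals, and `Segment`, `encodeQuotes`, `decodeQuotes`, `escapeHtml` and `demo` are hypothetical names; `labelize` here returns plain segments rather than React nodes.

```typescript
// Added example, not code from the PR. The entity spellings "&#39;" and
// "&quot;" are assumed; the page's extraction lost the originals.
type Segment = { kind: 'text' | 'label'; value: string };

// Encode quotes so a description cannot collide with the '...' delimiters.
// '&' goes first so the encoding can be reversed without ambiguity.
function encodeQuotes(value: string): string {
  return value.replace(/&/g, '&amp;').replace(/'/g, '&#39;').replace(/"/g, '&quot;');
}

// Decode exactly those three entities in a single pass; other text is untouched.
function decodeQuotes(value: string): string {
  return value.replace(/&(amp|#39|quot);/g, (_, name: string) =>
    name === 'amp' ? '&' : name === '#39' ? "'" : '"',
  );
}

// Split a change message into plain text and '...'-delimited labels.
// The values are plain strings meant to be rendered as text children.
function labelize(message: string): Segment[] {
  const segments: Segment[] = [];
  const re = /'([^']+)'/g;
  let last = 0;
  let m: RegExpExecArray | null;
  while ((m = re.exec(message)) !== null) {
    if (m.index > last) {
      segments.push({ kind: 'text', value: decodeQuotes(message.slice(last, m.index)) });
    }
    segments.push({ kind: 'label', value: decodeQuotes(m[1]) });
    last = m.index + m[0].length;
  }
  if (last < message.length) {
    segments.push({ kind: 'text', value: decodeQuotes(message.slice(last)) });
  }
  return segments;
}

// For sinks that do take an HTML string: escape all five characters, '&' first.
function escapeHtml(value: string): string {
  return value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// Constructed sample: a description containing quotes, markup and an ampersand.
function demo(): Segment[] {
  const description = `<b>it's "new"</b> & more`;
  return labelize(`Description changed from 'old' to '${encodeQuotes(description)}'`);
}
```

In a React component each `value` goes in as a child (`<Label key={i}>{value}</Label>`), so the `<b>` in the sample is shown as text; `escapeHtml` is only for consumers that build an HTML string.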
fixes https://guild-oss.slack.com/archives/C01E8ATBQGN/p1719154268309169