fix(web): avoid crashes on malformed Markdown hash links#608
Open
VectorPeak wants to merge 1 commit into
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes malformed Markdown hash-link decoding in the frontend renderers.
Previously, hash links were decoded with
decodeURIComponent(...)directly. If a hash contained malformed percent-encoding, the renderer click/scroll path could throw instead of gracefully falling back. This PR addssafeDecodeURIComponent(...), uses it in both rich and simple Markdown renderers, and covers valid plus malformed hash components with node tests.Concrete failing payload:
The affected click path is:
This only changes in-page hash target decoding for Markdown scrolling. It does not change URL sanitization, external links, attachment links, Markdown normalization, citation formatting, or scroll behavior for valid anchors.
Related Issues
Module(s) Affected
agentsapiconfigcoreknowledgeloggingservicestoolsutilsweb(Frontend)docs(Documentation)scriptstests...Checklist
pre-commit run --all-filesand fixed any issues.Additional Notes
Evidence:
Before this change, malformed hash components could throw while handling an in-page Markdown link click:
After this change:
That keeps valid encoded anchors working while making malformed anchors degrade safely to the raw hash component.
Validation performed locally:
Note:
npm run test:nodecurrently exits with code 1 in this Windows workspace without printing a failing test case. Running the same underlying steps manually (tsc.cmdcompile followed bynode --testover the compiled tests) passes successfully.