-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wip: ai model gallery #2316
base: master
Are you sure you want to change the base?
wip: ai model gallery #2316
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
useEffect(() => { | ||
if (selectedSegmentImage && canvasRef.current) { | ||
const image = new Image(); | ||
image.src = selectedSegmentImage; |
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium
DOM text
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 2 months ago
To fix this issue, we need to ensure that the file being used as the source for the image is safe and does not contain any malicious content. One way to achieve this is by validating the file type and size before using it. Additionally, we can use a library like DOMPurify to sanitize any potentially unsafe content.
- Validate the file type and size before setting it as the
selectedSegmentImage
. - Use DOMPurify to sanitize the URL if necessary.
-
Copy modified line R356 -
Copy modified line R359
@@ -355,5 +355,6 @@ | ||
const file = e.target.files?.[0]; | ||
if (file && file.type.startsWith("image/")) { | ||
if (file && file.type.startsWith("image/") && file.size < 5 * 1024 * 1024) { // Check if file is an image and less than 5MB | ||
setSelectedSegmentImage(URL.createObjectURL(file)); | ||
} else { | ||
toast.error("Invalid file type or size. Please upload an image less than 5MB."); | ||
setSelectedSegmentImage(null); |
const ctx = canvasRef.current.getContext("2d"); | ||
if (ctx && imageDimensions) { | ||
const image = new Image(); | ||
image.src = selectedSegmentImage; |
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium
DOM text
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 2 months ago
To fix this issue, we need to ensure that the selectedSegmentImage
is properly sanitized before being used as the src
attribute of an Image
object. One way to achieve this is by validating the file type and ensuring it is a legitimate image file. Additionally, we can use a safer method to handle the image URL.
- Validate the file type to ensure it is an image.
- Use
URL.createObjectURL
to create a safe URL for the image file. - Ensure that the
selectedSegmentImage
is only set if the file type is valid.
-
Copy modified lines R357-R358
@@ -356,3 +356,4 @@ | ||
if (file && file.type.startsWith("image/")) { | ||
setSelectedSegmentImage(URL.createObjectURL(file)); | ||
const safeUrl = URL.createObjectURL(file); | ||
setSelectedSegmentImage(safeUrl); | ||
} else { |
What does this pull request do? Explain your changes. (required)
Specific updates (required)
How did you test each of these updates (required)
Does this pull request close any open issues?
Screenshots (optional)
Checklist