Skip to content

Feat/remote sign v3 #705

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 6 commits into
base: main
Choose a base branch
from
Draft

Feat/remote sign v3 #705

wants to merge 6 commits into from

Conversation

ieow
Copy link
Contributor

@ieow ieow commented Nov 20, 2024

Motivation and Context

Jira Link:

Description

How has this been tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the code style of this project. (run lint)
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code requires a db migration.

@vercel Vercel
Copy link

vercel bot commented Nov 20, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
mpc-core-kit-aggregate-verifier-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
mpc-core-kit-angular-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
mpc-core-kit-bitcoin ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
mpc-core-kit-farcaster ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
mpc-core-kit-nextjs-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
mpc-core-kit-react-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
mpc-core-kit-solana ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
mpc-core-kit-vue-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-angular-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-nextjs-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-react-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-vanillajs-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-vue-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-web-aggregate-verifier-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-web-auth0-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-web-bitcoin-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-web-farcaster ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-web-google-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-web-nextauth-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-web-passwordless-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-web-ton-telegram-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
sfa-web-ton-telegram-server ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am
web3auth-core-kit-examples ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 6, 2025 7:43am

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 6, 2025
View reviewed changes
mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/src/App.tsx
function uiConsole(...args: any): void {
const el = document.querySelector("#console>p");
if (el) {
el.innerHTML = JSON.stringify(args || {}, null, 2);

Check warning

Code scanning / CodeQL

Exception text reinterpreted as HTML Medium

Exception text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI 8 months ago

To fix the problem, we need to ensure that any untrusted data written to the HTML is properly sanitized or escaped to prevent XSS attacks. The best way to fix this issue is to use a library like DOMPurify to sanitize the HTML content before writing it to the DOM. This will ensure that any potentially dangerous characters are neutralized.

  1. Install the dompurify library.
  2. Import the dompurify library in the file.
  3. Use DOMPurify.sanitize to sanitize the content before setting it to innerHTML.
Suggested changeset 2
mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/src/App.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/src/App.tsx b/mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/src/App.tsx
--- a/mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/src/App.tsx
+++ b/mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/src/App.tsx
@@ -3,2 +3,3 @@
 import "./App.css";
+import DOMPurify from 'dompurify';
 import { tssLib as dklsLib } from "@toruslabs/tss-dkls-lib";
@@ -445,3 +446,3 @@
     if (el) {
-      el.innerHTML = JSON.stringify(args || {}, null, 2);
+      el.innerHTML = DOMPurify.sanitize(JSON.stringify(args || {}, null, 2));
     }
EOF
@@ -3,2 +3,3 @@
import "./App.css";
import DOMPurify from 'dompurify';
import { tssLib as dklsLib } from "@toruslabs/tss-dkls-lib";
@@ -445,3 +446,3 @@
if (el) {
el.innerHTML = JSON.stringify(args || {}, null, 2);
el.innerHTML = DOMPurify.sanitize(JSON.stringify(args || {}, null, 2));
}
mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/package.json b/mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/package.json
--- a/mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/package.json
+++ b/mpc-core-kit-web/quick-starts/mpc-core-kit-react-remote-sign/package.json
@@ -32,3 +32,4 @@
     "vite": "^5.4.8",
-    "web3": "^4.13.0"
+    "web3": "^4.13.0",
+    "dompurify": "^3.2.4"
   },
EOF
@@ -32,3 +32,4 @@
"vite": "^5.4.8",
"web3": "^4.13.0"
"web3": "^4.13.0",
"dompurify": "^3.2.4"
},
This fix introduces these dependencies
Package Version Security advisories
dompurify (npm) 3.2.4 None
Copilot is powered by AI and may make mistakes. Always verify output.
@shahbaz17 shahbaz17 marked this pull request as draft March 24, 2025 04:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ieow @himanshuchawla009