Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Caption refactor Presentation XML: https://github.com/metanorma/isodo… #618

Merged
merged 79 commits into from
Dec 8, 2024
Merged

Caption refactor Presentation XML: https://github.com/metanorma/isodo… #618

merged 79 commits into from
Dec 8, 2024

Conversation

opoudjis
Copy link
Contributor

…c/issues/617

Metanorma PR checklist

@opoudjis opoudjis self-assigned this Nov 13, 2024
@opoudjis opoudjis marked this pull request as draft November 13, 2024 08:04
hound[bot]
hound bot reviewed Nov 13, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 13, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 13, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 13, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 13, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 13, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 14, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 14, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 14, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 14, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 14, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 14, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 14, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Nov 14, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 2, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 2, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 2, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 2, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 2, 2024
View reviewed changes
lib/isodoc/presentation_function/erefs.rb
@@ -5,7 +5,8 @@
def citeas(xmldoc)
xmldoc.xpath(ns("//eref | //origin | //quote//source")).each do |e|
e["bibitemid"] && e["citeas"] or next
a = @xrefs.anchor(e["bibitemid"], :xref, false) and e["citeas"] = a
a = @xrefs.anchor(e["bibitemid"], :xref, false) and
e["citeas"] = a.gsub(%r{</?[^>]+>}, "")

Check failure

Code scanning / CodeQL

Incomplete multi-character sanitization High

This string may still contain
<script
Loading
, which may cause an HTML element injection vulnerability.

Copilot Autofix AI 2 months ago

To fix the problem, we need to ensure that all instances of the targeted pattern are removed from the input string. One effective way to achieve this is to apply the regular expression replacement repeatedly until no more replacements can be performed. This ensures that any remaining unsafe text is completely removed.

We will modify the citeas method to repeatedly apply the gsub replacement until the input string no longer changes. This approach guarantees that all HTML tags are removed, preventing any potential HTML element injection vulnerabilities.

Suggested changeset 1
lib/isodoc/presentation_function/erefs.rb

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/lib/isodoc/presentation_function/erefs.rb b/lib/isodoc/presentation_function/erefs.rb
--- a/lib/isodoc/presentation_function/erefs.rb
+++ b/lib/isodoc/presentation_function/erefs.rb
@@ -8,4 +8,16 @@
         a = @xrefs.anchor(e["bibitemid"], :xref, false) and
-          e["citeas"] = a.gsub(%r{</?[^>]+>}, "")
+          e["citeas"] = remove_html_tags(a)
       end
+      end
+    end
+
+    private
+
+    def remove_html_tags(input)
+      previous = nil
+      while input != previous
+        previous = input
+        input = input.gsub(%r{</?[^>]+>}, "")
+      end
+      input
     end
EOF
@@ -8,4 +8,16 @@
a = @xrefs.anchor(e["bibitemid"], :xref, false) and
e["citeas"] = a.gsub(%r{</?[^>]+>}, "")
e["citeas"] = remove_html_tags(a)
end
end
end

private

def remove_html_tags(input)
previous = nil
while input != previous
previous = input
input = input.gsub(%r{</?[^>]+>}, "")
end
input
end
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
hound[bot]
hound bot reviewed Dec 3, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 3, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 3, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 3, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 4, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 5, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 5, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

hound[bot]
hound bot reviewed Dec 7, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

@opoudjis opoudjis marked this pull request as ready for review December 8, 2024 11:17
hound[bot]
hound bot reviewed Dec 8, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

@opoudjis opoudjis merged commit 417c222 into main Dec 8, 2024
2 of 4 checks passed
hound[bot]
hound bot reviewed Dec 8, 2024
View reviewed changes
Copy link

@hound hound bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` paramete... 
Error: RuboCop found unknown Ruby version 3.4 in `TargetRubyVersion` parameter (in .rubocop.yml).
Supported versions: 2.4, 2.5, 2.6, 2.7, 3.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hound hound[bot] hound[bot] left review comments

Assignees

@opoudjis opoudjis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@opoudjis