Conversation
Summary of Changes

Hello @yeeun426, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This PR introduces a unified banner management system so that administrators can efficiently manage banners in multiple locations. It provides full create, edit and delete functionality for banners on the admin page, and the existing user-facing banner sections have been updated to fetch their data through this new unified system. This simplifies the banner management process and strengthens consistency.
Code Review
This PR reorganizes the existing distributed banner management system into a 'unified banner' system, introducing new API hooks, components, and pages for administrators and user-facing sections. A critical Stored Cross-Site Scripting (XSS) vulnerability was identified, as the landingUrl input lacks validation on the admin side and is directly rendered into href attributes on the user side, potentially allowing malicious scripts via javascript: URIs. It is recommended to implement strict URL protocol validation (allowing only http: and https:) and sanitize these URLs before rendering. Additionally, several code-related improvements are needed, primarily concerning API design, efficiency, and potential UI logic bugs. These include ensuring unique IDs in API responses for list rendering, optimizing mutation hooks to prevent unnecessary requests, and fixing bugs related to image processing and data display.
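As an added example (not code from this PR or its author) of the URL allowlist the review above recommends: a `sanitizeLandingUrl` helper that accepts only `http:`/`https:` absolute URLs and same-origin paths, and rejects `javascript:`, `data:` and protocol-relative values, including case and whitespace variants; the function names and the sample inputs are assumptions for illustration.

```typescript
// Added example, not code from the PR: an allowlist for banner landing URLs.
// The review summary notes that landingUrl flows unvalidated from the admin
// form into an href, so a `javascript:` URI becomes stored XSS. Apply the same
// rule on save (admin side) and again before rendering (user side).

const ALLOWED_PROTOCOLS: ReadonlySet<string> = new Set(['http:', 'https:']);

/**
 * Returns a value that is safe to place in an href, or null when the input
 * must be rejected. Accepts absolute http(s) URLs and same-origin paths that
 * begin with a single '/'. Everything else (javascript:, data:, vbscript:,
 * protocol-relative '//host', empty or non-string input) is refused.
 */
function sanitizeLandingUrl(raw: string | null | undefined): string | null {
  if (typeof raw !== 'string') return null;
  const value = raw.trim();
  if (value === '') return null;

  // Same-origin path: keep as-is. '//host' is protocol-relative, so it is
  // deliberately not treated as a path and falls through to URL parsing.
  if (value.startsWith('/') && !value.startsWith('//')) return value;

  // Absolute URL: the WHATWG parser strips embedded tabs/newlines and
  // lower-cases the scheme, so 'JavaScript:' still yields protocol
  // 'javascript:' and is caught by the allowlist below.
  let parsed: URL;
  try {
    parsed = new URL(value);
  } catch {
    return null; // relative without a leading '/', '//host', or unparsable
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

/** href for the banner anchor; undefined renders <a> with no href at all. */
function bannerHref(landingUrl: string | null | undefined): string | undefined {
  return sanitizeLandingUrl(landingUrl) ?? undefined;
}

// Constructed samples (not from the PR) showing the decision for each case.
const SAMPLES: Array<[string, string | null]> = [
  ['https://example.com/promo', 'https://example.com/promo'],
  ['/event/123', '/event/123'],
  ['javascript:alert(1)', null],
  ['  JavaScript:alert(1)', null],
  ['data:text/html,<script>alert(1)</script>', null],
  ['//evil.example/phish', null],
];
SAMPLES.forEach(([input, expected]) => {
  const got = sanitizeLandingUrl(input);
  console.log(JSON.stringify(input), '->', got, got === expected ? 'ok' : 'MISMATCH');
});
```

Validating once on the admin side is not enough on its own, because rows already stored before the check was added still reach the user-facing hook; running the same helper in `bannerHref` covers both paths.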
```tsx
// Group PC/MOBILE items by the same title+landingUrl
const groupMap = new Map<string, CommonBannerUserItem>();
for (const item of parsed.commonBannerList) {
  const key = `${item.title ?? ''}::${item.landingUrl ?? ''}`;
  if (!groupMap.has(key)) {
    groupMap.set(key, {
      title: item.title,
      landingUrl: item.landingUrl,
      imgUrl: null,
      mobileImgUrl: null,
    });
  }
  const group = groupMap.get(key)!;
  if (item.agentType === 'PC') {
    group.imgUrl = item.fileUrl;
  } else {
    group.mobileImgUrl = item.fileUrl;
  }
}

return Array.from(groupMap.values());
```
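Review bot: the `else` branch assigns `item.fileUrl` to `group.mobileImgUrl` for every agentType other than `'PC'`, so an unexpected or missing agentType silently overwrites the mobile image; check `item.agentType === 'MOBILE'` explicitly and skip anything else. Note also that `landingUrl: item.landingUrl` copies the value into the group unchanged, and the review summary states this value is rendered straight into an href on the user side, so applying the http/https protocol allowlist here, before the value leaves the hook, would close that path for rows that were stored before any admin-side validation existed.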
In the useGetCommonBannerListForUser hook that fetches the user-facing banners, the response of the /common-banner API it uses is missing a unique ID (commonBannerId) that can identify each banner. As a result, several components end up using the index as the React key.
Modifying the backend API response to include commonBannerId, and using it both for grouping and as the React key value, is important for stability and performance. Using the index as the key can cause unexpected behavior when the list changes.
I suggest adding an id to the CommonBannerUserItem type and modifying the grouping logic to pass this ID through.
```tsx
type="button"
className="absolute right-2 top-2 rounded-full bg-black/50 px-2 py-0.5 text-xs text-white"
onClick={(e) => {
  e.stopPropagation();
  onChange(null);
}}
>
  ✕
</button>
```
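Review bot: the only content of this button is the glyph `✕`, so assistive technology has nothing meaningful to announce; add an `aria-label` (for example "Remove image") on the `<button>`. The `e.stopPropagation()` ahead of `onChange(null)` is presumably there to keep the click from reaching a parent handler, which is fine, but a one-line comment saying so would save the next reader from removing it.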
Related work