jsdomに戻し、brのみを改行とすることに変更 #149
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This PR is linked to issue #148 |
|
Uplevel your code reviews with CodeRabbit ProCodeRabbit ProIf you like this project, please support us by purchasing the Pro version. The Pro version has advanced context, superior noise reduction and several proprietary improvements compared to the open source version. Moreover, CodeRabbit Pro is free for open source projects. |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Files selected (1)
- web/app/feature/translate/utils/extractNumberedElements.ts (1)
Review comments generated (3)
- Review: 2
- LGTM: 1
Tips
Chat with 
CodeRabbit Bot (@coderabbitai)
- Reply on review comments left by this bot to ask follow-up questions. A review comment is a comment on a diff or a file.
- Invite the bot into a review comment chain by tagging
@coderabbitaiin a reply.
Code suggestions
- The bot may make code suggestions, but please review them carefully before committing since the line number ranges may be misaligned.
- You can edit the comment made by the bot and manually tweak the suggestion if it is slightly off.
Pausing incremental reviews
- Add
@coderabbitai: ignoreanywhere in the PR description to pause further reviews from the bot.
Comment on lines
+6
to
+11
| const doc = new JSDOM(content); | ||
| const numberedElements: Array<{ number: number; text: string }> = []; | ||
| // <br>のみを改行とする | ||
| doc.window.document.body.innerHTML = doc.window.document.body.innerHTML | ||
| .replace(/\n/g, "") | ||
| .replace(/<br\s*\/?>/gi, "\n"); |
There was a problem hiding this comment.
doc.window.document.body.innerHTMLの操作は、XSS攻撃に対して脆弱です。ユーザー入力を直接DOMに挿入する前に、適切なサニタイズ処理を行うべきです。
- doc.window.document.body.innerHTML = doc.window.document.body.innerHTML
+ const sanitizedContent = content.replace(/<script[^>]*>([\S\s]*?)<\/script>/gmi, '');
+ doc.window.document.body.innerHTML = sanitizedContent| if (dataNumber !== null) { | ||
| numberedElements.push({ | ||
| number: Number.parseInt(dataNumber, 10), | ||
| text: element.textContent?.trim() || "", |
There was a problem hiding this comment.
Number.parseIntの使用は適切ですが、NaNチェックが不足しています。data-number属性が数値でない場合のエラーハンドリングを追加すべきです。
- number: Number.parseInt(dataNumber, 10),
+ number: Number.isNaN(Number.parseInt(dataNumber, 10)) ? 0 : Number.parseInt(dataNumber, 10),
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #148
Summary by CodeRabbit