💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 63d97e7b4e
| id: `mock-${seed}-1`, | ||
| acct: `${seed}.studio`, | ||
| displayName: `${seed} Studio`, | ||
| avatar: 'https://images.unsplash.com/photo-1544723795-3fb6469f5b39?auto=format&fit=crop&w=200&q=80', | ||
| noteHtml: `<p>Preview account for <strong>${seed}</strong>.</p>`, |
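Review bot: `seed` is concatenated unescaped into the `noteHtml` markup on the last line of this hunk, and the same raw value also feeds `id`, `acct` and `displayName`; since the Codex comment on this hunk states that `noteHtml` is later rendered via dangerouslySetInnerHTML, escape the seed before building the string (e.g. `noteHtml: \`<p>Preview account for <strong>${escapeHtml(seed)}</strong>.</p>\``) or drop the HTML and render the note as plain text. The same applies to the `contentHtml` counterpart the comment mentions.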
Escape preview seed before inserting into HTML
In offline preview mode, the mock `noteHtml` (and similarly `contentHtml`) interpolates `seed` directly into an HTML string. Because `seed` is derived from `submitted.trim()` and later rendered via `dangerouslySetInnerHTML` (e.g., in `SearchPage` and `StatusCard`), a user can enter HTML/JS in the search box and have it injected into the DOM. This is a client-side XSS risk that only occurs when no client session exists and the preview path is used, but it still allows untrusted input to execute in the app. Consider escaping `seed` (or rendering as text) before constructing these HTML strings.
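The fix the review comment above asks for, as an added TypeScript example that is not code from this PR or the ghostodon project: a small HTML escaper, the mock-account builder in the vulnerable form (mirroring the hunk) and in a hardened form, and a constructed payload that shows the difference. The names `escapeHtml`, `mockAccountUnsafe`, `mockAccountSafe`, `containsInjectedTag` and `PAYLOAD` are assumptions made here; the field shape and the `noteHtml` template are taken from the hunk.

```typescript
// Added example (not the project's own code): escape a user-supplied search
// seed before it is interpolated into an HTML string that a React component
// later hands to dangerouslySetInnerHTML.

// Escapes the five characters that change meaning in HTML text and attribute
// contexts. Ampersand goes first so already-escaped output is not re-escaped
// incorrectly.
function escapeHtml(input: string): string {
  return input
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Shape of the mock preview account, as in the hunk (avatar omitted).
interface MockAccount {
  id: string;
  acct: string;
  displayName: string;
  noteHtml: string;
}

// Vulnerable form, mirroring the hunk: `seed` lands in the markup verbatim.
function mockAccountUnsafe(seed: string): MockAccount {
  return {
    id: `mock-${seed}-1`,
    acct: `${seed}.studio`,
    displayName: `${seed} Studio`,
    noteHtml: `<p>Preview account for <strong>${seed}</strong>.</p>`,
  };
}

// Hardened form: only the escaped seed is ever concatenated into HTML.
// id/acct/displayName keep the raw seed because they are rendered as text
// nodes, which React escapes on its own.
function mockAccountSafe(seed: string): MockAccount {
  const safeSeed = escapeHtml(seed);
  return {
    id: `mock-${seed}-1`,
    acct: `${seed}.studio`,
    displayName: `${seed} Studio`,
    noteHtml: `<p>Preview account for <strong>${safeSeed}</strong>.</p>`,
  };
}

// Constructed payload for illustration: a typical event-handler XSS probe
// a user could type into the search box.
const PAYLOAD = '<img src=x onerror=alert(1)>';

// True when the produced HTML still contains the user-typed tag as markup.
function containsInjectedTag(html: string): boolean {
  return /<img\b/i.test(html);
}

// Stand-alone demonstration.
console.log('unsafe:', mockAccountUnsafe(PAYLOAD).noteHtml);
console.log('safe:  ', mockAccountSafe(PAYLOAD).noteHtml);
console.log('injected (unsafe):', containsInjectedTag(mockAccountUnsafe(PAYLOAD).noteHtml));
console.log('injected (safe):  ', containsInjectedTag(mockAccountSafe(PAYLOAD).noteHtml));
```

The escaper is the minimum needed for a value dropped into element text; if the seed were ever placed inside an attribute or a URL, it would need context-specific encoding instead. Rendering the note as a plain text child (no `dangerouslySetInnerHTML`) removes the need for any escaping in this path.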
Motivation
Description
- accounts, statuses, and hashtags from `apps/web/src/pages/SearchPage.tsx` when `client` is absent and update the search hint to "Showing preview results (connect to search)." to indicate preview mode.
- `SurfaceOverlay` component (`apps/web/src/components/SurfaceOverlay.tsx`) and apply `relative overflow-hidden` + overlays across many pages/components (Search, Me, Login, Register, Timeline, LeftNav, Extensions panel, etc.) for consistent layered visuals.
- `Container`, `Row`, and `Column` (`packages/ui/src/layout/Layout.tsx`) and update `apps/web/src/app/App.tsx` to use these primitives with resizable/collapsible left/right panes and icon toggles, plus add demo pages `ComponentsPage`, `LayoutPage`, and `LayoutPrimitivesPage` under `apps/web/src/pages/`.
- `@ghostodon/ui` exports and add a set of new primitives (`ActionPanel`, `AvatarButton`, `DateField`, `InfoCard`, `MediaCard`, `InputField`, `Skeleton`, `StatCard`, `TextAreaField`, `Typography`, `UploadButton`, `UserCard`) under `packages/ui/src/primitives/`, and update `packages/ui/src/mastodon/StatusCard.tsx` to render decorative overlay layers while keeping interactivity.
- `apps/web/src/styles/index.css` and adjust `apps/web/vite.config.ts` to exclude `@ghostodon/ui` from optimized deps; update `apps/web/src/components/LeftNav.tsx` to add new nav entries and use overlays; mark OAuth PKCE as `wip` in `apps/web/src/stages/stages.ts` and add a note about resizable panes.
Testing
- `pnpm --filter @ghostodon/core build`, which completed successfully.
- `pnpm --filter web exec -- vite --host 0.0.0.0 --port 5173`, which started successfully.
- `/search`, submitted a query and captured a screenshot of the preview results, and the script completed and produced `artifacts/ghostodon-search-preview.png`.
Codex Task