aglinxinyuan commented on code in PR #4997:
URL: https://github.com/apache/texera/pull/4997#discussion_r3212866041
##########
frontend/src/app/workspace/component/code-editor-dialog/code-editor.component.ts:
##########
@@ -187,38 +184,37 @@ export class CodeEditorComponent implements
AfterViewInit, SafeStyle, OnDestroy
this.workflowActionService.getTexeraGraph().updateSharedModelAwareness("editingCode",
false);
localStorage.setItem(this.currentOperatorId,
this.containerElement.nativeElement.style.cssText);
- if (isDefined(this.monacoBinding)) {
- this.monacoBinding.destroy();
- }
-
- this.editorWrapper.dispose(true);
+ this.monacoBinding?.destroy();
+ this.languageClientWrapper?.dispose().catch(() => {});
+ this.languageClientWrapper = undefined;
+ this.editorApp?.dispose().catch(() => {});
+ this.editorApp = undefined;
- if (isDefined(this.workflowVersionStreamSubject)) {
- this.workflowVersionStreamSubject.next();
- this.workflowVersionStreamSubject.complete();
- }
+ this.workflowVersionStreamSubject.next();
+ this.workflowVersionStreamSubject.complete();
}
/**
* Specify the co-editor's cursor style. This step is missing from
MonacoBinding.
* @param coeditor
*/
public getCoeditorCursorStyles(coeditor: Coeditor) {
- const textCSS =
- "<style>" +
- `.yRemoteSelection-${coeditor.clientId} { background-color:
${coeditor.color?.replace("0.8", "0.5")}}` +
- `.yRemoteSelectionHead-${coeditor.clientId}::after { border-color:
${coeditor.color}}` +
- `.yRemoteSelectionHead-${coeditor.clientId} { border-color:
${coeditor.color}}` +
- "</style>";
- return this.sanitizer.bypassSecurityTrustHtml(textCSS);
+ const id = coeditor.clientId;
+ const color = coeditor.color;
+ const selectionBg = color?.replace("0.8", "0.5");
+ return this.sanitizer.bypassSecurityTrustHtml(
+ `<style>` +
+ `.yRemoteSelection-${id} { background-color: ${selectionBg}}` +
+ `.yRemoteSelectionHead-${id}::after { border-color: ${color}}` +
+ `.yRemoteSelectionHead-${id} { border-color: ${color}}` +
+ `</style>`
+ );
Review Comment:
Real concern, hardened in 51b4fe5546.
Both `coeditor.clientId` and `coeditor.color` come from yjs awareness state
and are interpolated into a `<style>` tag passed through
`bypassSecurityTrustHtml`, so anything that escapes the tag would land in the
page as raw HTML.
Added two tight allow-list regexes and bail out to an empty stylesheet if
either fails:
```ts
private static readonly SAFE_CLIENT_ID = /^\d{1,10}$/;
private static readonly SAFE_CSS_COLOR =
/^(?:#[0-9a-fA-F]{3,8}|rgba?\([\d.,\s]+\)|hsla?\([\d.,%\s]+\))$/;
```
The id regex matches yjs's decimal-serialised 32-bit clientID; the colour
regex covers the only forms our own code emits (hex / `rgb(a)` / `hsl(a)`).
Anything outside those patterns short-circuits to
`bypassSecurityTrustHtml("")`. Long-term, `CSSStyleSheet` /
`adoptedStyleSheets` would be even better — happy to file that as a follow-up
if you'd like.
##########
frontend/custom-webpack.config.js:
##########
@@ -19,15 +19,85 @@
const { LicenseWebpackPlugin } = require("license-webpack-plugin");
+// Workaround for license-webpack-plugin v4 crashing with `ENOENT: scandir ''`
when a
+// bundled module has no resolvable on-disk directory. Some
@codingame/monaco-vscode-*
+// sub-modules surface as virtual entries (descriptionFileRoot === '') after
the v25
+// upgrade. Make listPaths/readFileAsUtf8/isDirectory tolerant of empty paths.
+{
+ const fs = require("fs");
Review Comment:
Already gone in de4d47b7b2. The whole license-webpack-plugin
filesystem-monkey-patch block (the `const fs = require("fs")` + the
`WebpackFileSystem` overrides) was deleted as dead code —
`handleMissingLicenseText: () => null` already absorbs the ENOENT cases on its
own. `custom-webpack.config.js` shrank from 154 to 84 lines in that commit.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
