Add Material 3 radial urchin visualization to Visuals tab #124
… exports; replace PNG calendar
✅ Deploy Preview for wyrrdmaek ready!
💡 Codex Review
Here are some automated review suggestions for this pull request.
| showTooltip(arc) { | ||
| if (!arc) { | ||
| this.hideTooltip(); | ||
| return; | ||
| } | ||
| const html = buildTooltipContent(arc); | ||
| this.tooltipMeta.innerHTML = html; |
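Review bot: At the `this.tooltipMeta.innerHTML = html` line in showTooltip, nothing in the method tells a reader whether buildTooltipContent returns already-escaped markup, so the safety of this sink rests on an undocumented contract. Either document and enforce escaping inside buildTooltipContent, or have it return DOM nodes and attach them with `this.tooltipMeta.replaceChildren(...)` so that no string reaches innerHTML.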
Escape event text before injecting tooltip HTML
The tooltip builder renders schedule data by assigning this.tooltipMeta.innerHTML = html where html is generated from arc.label, arc.event.activity, and arc.event.metadata.note without escaping. Because JSON payloads can be loaded from local storage or uploaded by the user, a crafted label like <img src=x onerror=alert(1)> will execute when the tooltip renders. Please treat these fields as untrusted and either use textContent or escape them before writing to innerHTML to avoid XSS.
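The escaping fix the review asks for, shown next to the unescaped form, as an added example that is not code from this pull request. The body of `buildTooltipContent` does not appear on the page, so the markup layout, the `escapeHtml` helper and the `Unsafe`/`Safe` function names are assumptions; only the field names and the crafted label come from the review.

```javascript
// Added example: hypothetical tooltip builders, not the project's own code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the characters that can change HTML parsing context in element text
// or quoted attribute values. null/undefined become an empty string.
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": schedule fields interpolated raw, as the review describes.
// Whatever markup the fields contain is parsed once assigned to innerHTML.
function buildTooltipContentUnsafe(arc) {
  const event = arc.event ?? {};
  const note = event.metadata?.note ?? '';
  return `<strong>${arc.label}</strong>` +
    `<span>${event.activity ?? ''}</span>` +
    `<em>${note}</em>`;
}

// "After": every schedule-derived field is escaped where it is interpolated,
// so the only tags in the result are the ones the builder itself wrote.
function buildTooltipContentSafe(arc) {
  const event = arc.event ?? {};
  return `<strong>${escapeHtml(arc.label)}</strong>` +
    `<span>${escapeHtml(event.activity)}</span>` +
    `<em>${escapeHtml(event.metadata?.note)}</em>`;
}

// Constructed sample: an uploaded schedule entry carrying the review's label.
const craftedArc = {
  label: '<img src=x onerror=alert(1)>',
  event: { activity: 'Sleep & "rest"', metadata: { note: "it's <b>late</b>" } },
};

console.log('unsafe:', buildTooltipContentUnsafe(craftedArc));
console.log('safe:  ', buildTooltipContentSafe(craftedArc));
```

Escaping has to cover all three fields, including data reloaded from local storage, since it was attacker-influenced when it was stored.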
Summary
Testing
Codex Task