fix(core/inlines): handle incomplete string escaping or encoding #5195
@copilot see the CI error about the commit message. Can you fix that please?
I've added a new commit ( The CI "Check PR title" checks the PR title (not just commit messages), which still shows the old title. The PR title needs to be manually updated to

Warning: Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
…ing or encoding Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Agent-Logs-Url: https://github.com/speced/respec/sessions/c765cf57-30c5-467c-8f4f-f719e22f3a39 Co-authored-by: marcoscaceres <870154+marcoscaceres@users.noreply.github.com>
The code is self-documenting; the comment restated what the slice call does and was generated by Copilot Autofix.
9b2bdc0 to 4a050dc
Pull request overview
This PR addresses a security/code-scanning finding by making inline IDL reference “escape” handling ({{\...}}) remove a specific escape marker backslash instead of doing a generic first-occurrence replacement.
Changes:
- Update `inlineXrefMatches()` to remove the escape backslash using slicing rather than `String.prototype.replace()`.
…with optional whitespace Agent-Logs-Url: https://github.com/speced/respec/sessions/97502a36-d132-4a00-871b-332e1c7b958d Co-authored-by: marcoscaceres <870154+marcoscaceres@users.noreply.github.com>
@copilot can you check and fix the ci issues?
…d-lang Agent-Logs-Url: https://github.com/speced/respec/sessions/0f559468-adb1-48f7-915f-f1ccc0c6e77d Co-authored-by: marcoscaceres <870154+marcoscaceres@users.noreply.github.com>
… in worker Agent-Logs-Url: https://github.com/speced/respec/sessions/0f559468-adb1-48f7-915f-f1ccc0c6e77d Co-authored-by: marcoscaceres <870154+marcoscaceres@users.noreply.github.com>
Investigated and fixed in The CI failure in "Core — Highlight" was caused by Root cause: The fix applied earlier for loading Fix:
@copilot can you fix ci and address any remaining comments?
…e langScript content Agent-Logs-Url: https://github.com/speced/respec/sessions/5d432fb4-fa31-498c-91cb-d47b9d5aa895 Co-authored-by: marcoscaceres <870154+marcoscaceres@users.noreply.github.com>
Fixed in
Potential fix for https://github.com/speced/respec/security/code-scanning/51
Use a position-specific operation instead of generic first-occurrence replacement.
In `src/core/inlines.js`, inside `inlineXrefMatches`, replace:

```js
return matched.replace("\\", "");
```

with logic that removes exactly the intended leading escape backslash from the original token, i.e. the one immediately after `{{`. The most precise no-behavior-expansion change is:

```js
return matched.slice(0, 2) + matched.slice(3);
```

This preserves all other backslashes and characters, and only removes the escape marker at the expected location.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
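
The two lines quoted in the description above, compared side by side with a guarded variant, as an added example that is not code from this PR or from ReSpec. The function names, the sample tokens, and the assumption that whitespace may sit between `{{` and the backslash are constructed for illustration.

```javascript
// Added example: names and sample tokens are constructed, not taken from ReSpec.

// Behaviour of the replaced line: a string pattern removes only the FIRST
// backslash found anywhere in the token, wherever it is.
function stripFirstBackslash(matched) {
  return matched.replace("\\", "");
}

// The suggested fix: drop whatever character sits at index 2.
function stripAtIndex2(matched) {
  return matched.slice(0, 2) + matched.slice(3);
}

// Guarded variant. Assumption: an escaped token is "{{", optional whitespace,
// then exactly one escape backslash. Any other shape is returned unchanged.
function stripEscapeMarker(matched) {
  const m = /^\{\{\s*\\/.exec(matched);
  if (!m) return matched;
  const pos = m[0].length - 1; // index of the escape backslash
  return matched.slice(0, pos) + matched.slice(pos + 1);
}

// Constructed sample tokens (String.raw keeps the backslashes literal).
const samples = [
  String.raw`{{\Foo}}`,     // plain escape: all three agree
  String.raw`{{\Foo\bar}}`, // second backslash must survive
  String.raw`{{ \Foo }}`,   // whitespace before the escape marker
  String.raw`{{Foo\bar}}`,  // no escape marker at the expected position
];

function compare(tokens) {
  return tokens.map(token => ({
    token,
    replaceFirst: stripFirstBackslash(token),
    sliceAt2: stripAtIndex2(token),
    guarded: stripEscapeMarker(token),
  }));
}

console.table(compare(samples));
```

The fixed-index slice is only as safe as the guarantee that the caller's pattern puts the backslash at index 2; the last two rows show what each form does when that guarantee does not hold.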