Skip to content

Commit 135393f

Browse files
authored
Remove injection vulnerability in codemirror e2e via inputs.browser (#670)
1 parent 6ce6e5d commit 135393f

2 files changed

Lines changed: 13 additions & 5 deletions

File tree

.github/actions/codemirror-e2e-tests/action.yaml

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,20 +13,26 @@ runs:
1313
steps:
1414
- name: Validate browser input
1515
shell: bash
16+
env:
17+
BROWSER: ${{ inputs.browser }}
1618
run: |
17-
if [[ "${{ inputs.browser }}" != "chromium" && "${{ inputs.browser }}" != "firefox" ]]; then
18-
echo "Invalid browser (should be one of firefox or chromium): ${{ inputs.browser }}"
19+
if [[ "$BROWSER" != "chromium" && "$BROWSER" != "firefox" ]]; then
20+
echo "Invalid browser (should be one of firefox or chromium): $BROWSER"
1921
exit 1
2022
fi
2123
2224
- name: Install Playwright Browsers
2325
shell: bash
24-
run: pnpm exec playwright install --only-shell --with-deps ${{ inputs.browser }}
26+
env:
27+
BROWSER: ${{ inputs.browser }}
28+
run: pnpm exec playwright install --only-shell --with-deps "$BROWSER"
2529
working-directory: packages/react-codemirror
2630

2731
- name: Run e2e test
2832
shell: bash
29-
run: pnpm --filter react-codemirror test:e2e --project=${{ inputs.browser }}
33+
env:
34+
BROWSER: ${{ inputs.browser }}
35+
run: pnpm --filter react-codemirror test:e2e --project="$BROWSER"
3036

3137
- name: Upload Playwright Report
3238
uses: actions/upload-artifact@v4

.lintstagedrc.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,5 +7,7 @@
77
],
88
"vendor/antlr4-c3/index.ts": ["bash check-imports.sh"],
99
"*.js": ["oxlint --fix --type-aware --max-warnings 0"],
10-
"*.json": ["oxfmt"]
10+
"*.json": ["oxfmt"],
11+
"*.yaml": ["oxfmt"],
12+
"*.yml": ["oxfmt"]
1113
}

0 commit comments

Comments
 (0)