feat(spx-gui): fixed the issue of merging line breaks after using a custom self-closing tag #2477
Summary of Changes
Hello @Overu, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a specific rendering anomaly within the MarkdownView component where custom self-closing tags, when immediately followed by a line break and text, would lead to an incorrect merging of content. By introducing a new preprocessing step,
Highlights
Code Review
The pull request introduces a new preprocessing step to correctly handle line breaks after custom self-closing tags in Markdown, which addresses the issue of merging line breaks. The new preprocessInlineComponents function and its integration into parseMarkdown are well-tested. A minor typo was found in a constraint description.
| tagNames.forEach((tagName) => { | ||
| // This scenario only occurs with self-closing tags, so this processing currently only targets | ||
| // self-closing tags of custom elements. | ||
| value = value.replace(new RegExp(`(<${tagName}[^>]*/>)[ \t]*\r?\n([^\n]*\\S[^\n]*)`, 'g'), '$1\n\n$2') |
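Review bot: In the `new RegExp(...)` line, `tagName` is interpolated into the pattern unescaped and is followed directly by `[^>]*`, so a configured name such as `foo` also matches `<foobar .../>`, and any regex metacharacter in a tag name changes the pattern. Escape the name before interpolation and require a delimiter after it (whitespace or `/`), or compare the parsed tag name for exact equality outside the regex.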
Critical: ReDoS Vulnerability & Performance Issue
This line has two critical issues:
- ReDoS (Regular Expression Denial of Service): The pattern `([^\n]*\\S[^\n]*)` can cause catastrophic backtracking on inputs with long sequences of whitespace.
- Performance: Creating `new RegExp()` inside the forEach loop means the regex is recompiled for every tag name on every parse. During streaming updates, this causes significant overhead.

Recommended fix:
```ts
export function preprocessInlineComponents(value: string, tagNames: string[]): string {
  if (!value || tagNames.length === 0) return value
  // Precompile patterns once with bounded quantifiers to prevent ReDoS
  const patterns = tagNames.map(tagName => {
    const escaped = tagName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
    return new RegExp(`(<${escaped}[^>]{0,500}/>)[ \\t]{0,100}\\r?\\n([^\\n]{0,1000}\\S[^\\n]{0,1000})`, 'g')
  })
  return patterns.reduce((acc, pattern) => acc.replace(pattern, '$1\n\n$2'), value)
}
```
This also adds regex escaping for tag names and input validation.
This involves processing that spans multiple lines, so a regex is not a good fit; changed to parsing in code.
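One way to do the line-by-line handling discussed in this thread without a regex, shown as an added example that is not code from this PR or from spx-gui. The function names and the `x-a` / `pre-tag` tag names are assumptions; the scan is linear in the input length and compares tag names exactly.

```typescript
// Added example (hypothetical helpers, not the spx-gui implementation).

/** True if `line`, ignoring trailing whitespace, ends with `<name ... />` for a known name. */
function endsWithSelfClosingTag(line: string, tagNames: Set<string>): boolean {
  const trimmed = line.trimEnd() // also drops a trailing '\r' from CRLF input
  if (!trimmed.endsWith('/>')) return false
  const open = trimmed.lastIndexOf('<')
  if (open === -1) return false
  // The only '>' after '<' must be the one that closes the tag (mirrors `[^>]*` in the regex).
  if (trimmed.indexOf('>', open) !== trimmed.length - 1) return false
  // The tag name runs from after '<' to the first whitespace, '/' or '>'.
  let end = open + 1
  while (end < trimmed.length && !' \t/>'.includes(trimmed[end])) end++
  // Exact match: a configured name `x-a` does not match `<x-ab/>`.
  return tagNames.has(trimmed.slice(open + 1, end))
}

/**
 * Inserts a blank line after any line that ends with a custom self-closing tag
 * when the next line contains non-whitespace text, so Markdown starts a new block.
 * Each line is inspected a constant number of times: no backtracking is possible.
 */
function separateSelfClosingTags(value: string, tagNames: string[]): string {
  if (!value || tagNames.length === 0) return value
  const names = new Set(tagNames)
  const lines = value.split('\n')
  const out: string[] = []
  for (let i = 0; i < lines.length; i++) {
    out.push(lines[i])
    const next = lines[i + 1]
    if (next !== undefined && next.trim() !== '' && endsWithSelfClosingTag(lines[i], names)) {
      out.push('') // becomes the extra '\n' between the tag line and the text
    }
  }
  return out.join('\n')
}
```
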
Code Review Summary
This PR successfully addresses issue #2472 with good test coverage and clear documentation. However, there are critical security and performance issues that must be addressed before merging.
Critical Issues:
Important Issues:
The implementation is solid with excellent test coverage, but the regex pattern needs immediate attention for both security and performance. See inline comments for detailed recommendations.
…ustom self-closing tag
… for simplified handling
| * Process self-closing tags in the hast nodes. | ||
| * This makes sure self-closing is supported for all custom components. | ||
| * Preprocesses custom self-closing elements in a Markdown string. | ||
| * According to the Markdown specification, a custom self-closing element followed by a line break |
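The comment here seems to need updating. The current behavior no longer targets only the "self-closing element followed by a line break" problem; rather, supporting the self-closing syntax for custom components solves that problem along the way?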
Closed #2472