From d08480861acb7cca78a41dbe37e2eba6dca1aae5 Mon Sep 17 00:00:00 2001
From: lin onetwo
Date: Sun, 9 Nov 2025 17:11:04 +0800
Subject: [PATCH] fix: injection

---
 features/stepDefinitions/wiki.ts | 9 +++++----
 features/stepDefinitions/window.ts | 19 -------------------
 2 files changed, 5 insertions(+), 23 deletions(-)

diff --git a/features/stepDefinitions/wiki.ts b/features/stepDefinitions/wiki.ts
index aceec442..1f71afd9 100644
--- a/features/stepDefinitions/wiki.ts
+++ b/features/stepDefinitions/wiki.ts
@@ -498,9 +498,10 @@ When('I open edit workspace window for workspace with name {string}', async func
 }
 
 // Call the window service to open edit workspace window
+ // Safely pass workspaceId using JSON serialization to avoid string interpolation vulnerability
 await mainWindow.webContents.executeJavaScript(`
 (async () => {
- await window.service.window.open('editWorkspace', { workspaceID: '${workspaceId}' });
+ await window.service.window.open('editWorkspace', { workspaceID: ${JSON.stringify(workspaceId)} });
 })();
 `);
 }, targetWorkspaceId);
@@ -557,11 +558,12 @@ When('I create a new wiki workspace with name {string}', async function(this: Ap
 }
 
 // Call workspace service to create new workspace
+ // Safely pass parameters using JSON serialization to avoid string interpolation vulnerability
 await mainWindow.webContents.executeJavaScript(`
 (async () => {
 await window.service.workspace.create({
- name: '${wikiName}',
- wikiFolderLocation: '${wikiFullPath.replace(/\\/g, '\\\\')}',
+ name: ${JSON.stringify(wikiName)},
+ wikiFolderLocation: ${JSON.stringify(wikiFullPath)},
 isSubWiki: false,
 storageService: 'local',
 });
@@ -607,7 +609,6 @@ async function clearHibernationTestData() {
 // eslint-disable-next-line @typescript-eslint/no-dynamic-delete
 delete settings.workspaces[wiki2WorkspaceId];
 await fs.writeJson(settingsPath, settings, { spaces: 2 });
- console.log(`Removed wiki2 workspace config: ${wiki2WorkspaceId}`);
 }
 }
 } catch (error) {
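Review bot: In the first wiki.ts hunk, `${JSON.stringify(workspaceId)}` stops a quote in the value from ending the literal inside the string handed to `executeJavaScript`, but `JSON.stringify(undefined)` returns `undefined`, so a missing ID would be spliced in as the bare token and the service would be called with `workspaceID: undefined` instead of the step failing. Unless `targetWorkspaceId` is already validated above the hunk (the enclosing callback starts outside it), I would add `if (typeof workspaceId !== 'string') throw new Error('workspaceId must be a string');` before the call. The added comments here and in the second hunk (`name`, `wikiFolderLocation`) could state why the encoding is sufficient, e.g. `// JSON.stringify emits a quoted, escaped JS string literal, so quotes, backslashes and newlines in the value cannot terminate it`. A scenario whose workspace name contains `'` and `\` would keep both call sites from regressing to plain interpolation.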
diff --git a/features/stepDefinitions/window.ts b/features/stepDefinitions/window.ts
index 957ee8fe..1aea1279 100644
--- a/features/stepDefinitions/window.ts
+++ b/features/stepDefinitions/window.ts
@@ -4,25 +4,6 @@ import type { ElectronApplication } from 'playwright';
 import type { ApplicationWorld } from './application';
 import { checkWindowDimension, checkWindowName } from './application';
 
-// Helper function to open edit workspace window by calling the service
-export async function openEditWorkspaceWindow(app: ElectronApplication, workspaceId: string): Promise {
- await app.evaluate(async ({ BrowserWindow }, workspaceId: string) => {
- const windows = BrowserWindow.getAllWindows();
- const mainWindow = windows.find(win => !win.isDestroyed() && win.webContents && win.webContents.getURL().includes('index.html'));
-
- if (!mainWindow) {
- throw new Error('Main window not found');
- }
-
- // Call the window service to open edit workspace window
- await mainWindow.webContents.executeJavaScript(`
- (async () => {
- await window.service.window.open('editWorkspace', { workspaceID: '${workspaceId}' });
- })();
- `);
- }, workspaceId);
-}
-
 // Helper function to get browser view info from Electron window
 async function getBrowserViewInfo(
 app: ElectronApplication,