…the stream URL Avoids duplicated paths (media/media, etc.) when building the HLS URL. Co-authored-by: Cursor <cursoragent@cursor.com>
Avoids push failure on versioned tags after dev→main promotion. Co-authored-by: Cursor <cursoragent@cursor.com>
- Sensitive fields set to type password with autoComplete=off; announce URL as well. - Clears the TMDB mask on focus in TmdbStep; save validation if residual • characters remain in TmdbConfig. - Sentinel: learning on credentials and prevention for announce URLs. Following the gemini-code-assist comments on the Sentinel/Jules PRs. Co-authored-by: Cursor <cursoragent@cursor.com>
…fixed Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
chore: merge dev into main
chore: merge dev into main
chore: merge dev into main
chore: merge dev into main
Code Review
This pull request addresses a security vulnerability regarding the exposure of sensitive credentials in UI forms by switching input types from 'text' to 'password' and adding 'autoComplete="off"' across several components. It also introduces a visual placeholder constant for TMDB keys and improves path normalization logic to recursively remove redundant prefixes. Feedback identifies opportunities to remove redundant event handlers in the TMDB configuration and optimize string operations within the path normalization utility.
| onInput={(e) => { | ||
| const value = (e.target as HTMLInputElement).value || ''; | ||
| if (tmdbHasKey && value !== '••••••••••••••••••••••••') setTmdbKey(value); | ||
| if (tmdbHasKey && value !== TMDB_KEY_VISUAL_PLACEHOLDER) setTmdbKey(value); | ||
| else if (!tmdbHasKey) setTmdbKey(value); | ||
| }} | ||
| onChange={(e) => { | ||
| const value = (e.target as HTMLInputElement).value || ''; | ||
| if (tmdbHasKey && value !== '••••••••••••••••••••••••') setTmdbKey(value); | ||
| if (tmdbHasKey && value !== TMDB_KEY_VISUAL_PLACEHOLDER) setTmdbKey(value); | ||
| else if (!tmdbHasKey) setTmdbKey(value); | ||
| }} |
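Review bot: The exact-equality test `value !== TMDB_KEY_VISUAL_PLACEHOLDER` in both onInput and onChange only recognizes the untouched mask, so a partially edited mask (for example the placeholder with one character appended or deleted) is passed to setTmdbKey as if it were a key. Consider treating any value that contains the mask character • as not a key at this point, or leaving the input value empty when a key is stored and showing the mask through the placeholder attribute, so the handlers never have to compare against a sentinel.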
The onInput and onChange handlers are redundant because they run the same logic. In Preact, onInput is sufficient to keep the state in sync with the input's value in real time. In addition, the condition can be simplified to improve readability.
onInput={(e) => {
  const value = (e.target as HTMLInputElement).value || '';
  if (!tmdbHasKey || value !== TMDB_KEY_VISUAL_PLACEHOLDER) {
    setTmdbKey(value);
  }
}}
| while (changed) { | ||
| changed = false; | ||
| if (normalizedPath.toLowerCase().startsWith('media/')) { | ||
| normalizedPath = normalizedPath.substring(6); | ||
| changed = true; | ||
| } else if (normalizedPath.toLowerCase().startsWith('downloads/')) { | ||
| normalizedPath = normalizedPath.substring(10); | ||
| changed = true; | ||
| } | ||
| } |
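Review bot: Because the loop repeats until neither prefix matches, it also removes directories that are legitimately named media or downloads below the first level: `media/downloads/file.mkv` comes out as `file.mkv`. If the goal is only to collapse duplicated roots such as media/media, strip a prefix only when it is immediately followed by the same prefix, or document that nested folders with these names are not supported.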
The call to toLowerCase() is repeated on every prefix check. It is better to compute it once per loop iteration to optimize performance, especially if the path is long.
| while (changed) { | |
| changed = false; | |
| if (normalizedPath.toLowerCase().startsWith('media/')) { | |
| normalizedPath = normalizedPath.substring(6); | |
| changed = true; | |
| } else if (normalizedPath.toLowerCase().startsWith('downloads/')) { | |
| normalizedPath = normalizedPath.substring(10); | |
| changed = true; | |
| } | |
| } | |
| while (changed) { | |
| changed = false; | |
| const lowerPath = normalizedPath.toLowerCase(); | |
| if (lowerPath.startsWith('media/')) { | |
| normalizedPath = normalizedPath.substring(6); | |
| changed = true; | |
| } else if (lowerPath.startsWith('downloads/')) { | |
| normalizedPath = normalizedPath.substring(10); | |
| changed = true; | |
| } | |
| } |
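Review bot: The suggested version still hard-codes the offsets in `substring(6)` and `substring(10)`, which have to be kept in step with the 'media/' and 'downloads/' literals by hand. Looping over an array of prefixes and slicing by `prefix.length` removes that coupling and makes adding a third prefix a one-line change.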