Package search now returns all package hits in a single table, prioritizing package name (i.e., search hits), and then the version of package, kernel, kernel version.
Kernels now link to their relevant version'd kernel on the kernel view.
Added sorting to table columns and resolved bug in language display.
This PR is being reviewed by Cursor Bugbot
| // Create clickable kernel name link if kernel info is available | ||
| let kernelNameCell; | ||
| if (row.kernelName !== 'N/A' && row.kernelVersion !== 'N/A' && row.language !== 'N/A') { | ||
| kernelNameCell = `<a href="#" class="kernel-link" data-language="${escapeHtml(row.language)}" data-kernel-name="${escapeHtml(row.kernelName)}" data-kernel-version="${escapeHtml(row.kernelVersion)}" style="color: var(--illinois-blue); text-decoration: none; font-weight: 500; cursor: pointer;">${escapeHtml(row.kernelName)}</a>`; |
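Review bot: the anchor built on the kernelNameCell line carries href="#" and a long inline style attribute, so the link has no real destination and the same four style rules are emitted in every generated link. Move color, text-decoration, font-weight and cursor into a .kernel-link CSS rule (inline style attributes also need 'unsafe-inline' under a Content-Security-Policy), and consider creating the element with document.createElement and assigning dataset.language, dataset.kernelName and dataset.kernelVersion so the row values are never parsed as markup.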
Bug: Incomplete HTML escaping allows attribute injection in data attributes
The escapeHtml function only escapes <, >, and & characters via textContent/innerHTML, but does not escape double quotes. When used inside HTML attribute values (the data-language, data-kernel-name, and data-kernel-version attributes), any value containing a " character would break out of the attribute context. This could cause HTML corruption or allow attribute injection if the backend data contains quote characters. For proper attribute context escaping, double quotes need to be converted to &quot;.
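The escaping gap described in the comment above, as an added example that is not part of the PR or the Bugbot review. The function names, the DOM-free stand-in for the textContent/innerHTML helper, and the sample row are assumptions made so the comparison runs under Node.

```javascript
// Stand-in (assumption) for the reviewed helper: a textContent -> innerHTML
// round trip encodes only &, < and >. Written without the DOM so it runs in Node.
function escapeHtmlTextOnly(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Attribute-safe variant (hypothetical name): also encodes both quote characters.
function escapeHtmlAttr(value) {
  return escapeHtmlTextOnly(value)
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Builds the kernel link with the same template shape as the PR, styling omitted.
function kernelLink(row, escape) {
  return `<a href="#" class="kernel-link" data-language="${escape(row.language)}" ` +
    `data-kernel-name="${escape(row.kernelName)}" ` +
    `data-kernel-version="${escape(row.kernelVersion)}">` +
    `${escapeHtmlTextOnly(row.kernelName)}</a>`;
}

// Lists the double-quoted attribute names in the opening tag, which is enough
// to see which attributes the markup ends up declaring.
function attributeNames(html) {
  const openTag = html.slice(0, html.indexOf('>'));
  return [...openTag.matchAll(/([\w-]+)="[^"]*"/g)].map((m) => m[1]);
}

// Constructed sample row (not data from the PR): the kernel name holds a quote.
const sampleRow = {
  language: 'python',
  kernelName: 'ipykernel" data-extra="1',
  kernelVersion: '6.29',
};

function compareEscapers() {
  return {
    textOnly: attributeNames(kernelLink(sampleRow, escapeHtmlTextOnly)),
    attrSafe: attributeNames(kernelLink(sampleRow, escapeHtmlAttr)),
  };
}

console.log(compareEscapers());
```

With the text-only escaper the opening tag declares an extra data-extra attribute; with the attribute-safe escaper the quote stays inside the data-kernel-name value.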
Note
Package search now renders a single sortable table with kernel links; adjusted Dockerfile paths and README build command.
kernel.kernel_language || kernel.language.
web/Dockerfile: update COPY paths to use local context (remove web/ prefixes).
README.md: fix Docker build command to use -f web/Dockerfile web/.
Written by Cursor Bugbot for commit 50f592b.