QA nits from PR #5: escape mock data values, encode role param #6

Open
opened 2026-03-21 21:54:20 +00:00 by forgejo_admin · 0 comments

Type

Bug

Repo

forgejo_admin/minio-playground

What Broke

QA re-review of PR #5 identified 3 non-blocking nits. All involve values from hardcoded mock data or internal state that aren't sanitized — low risk now (mock data is controlled) but must be fixed before SvelteKit promotion with real data.

  1. Unescaped bucket.name from hardcoded mock data in renderBucketList() — would break if a bucket name contained < or &
  2. Unencoded role param in an href in renderBottomNav() — role values are controlled strings now but should be encoded for correctness
  3. Unescaped obj.contentType from mock data in renderDetail() — MIME types don't contain HTML chars in practice but should be escaped for consistency

Repro Steps

  1. Add a mock bucket with name containing & — renderBucketList() would produce malformed HTML
  2. Inspect bottom nav links — role param is not URL-encoded
  3. Add a mock object with contentType containing < — renderDetail() would produce malformed HTML

Expected Behavior

  1. All values from any source (URL params, mock data, API responses) should be escaped before innerHTML
  2. All URL query params should be encoded with encodeURIComponent()
  3. Consistent escaping regardless of data source

Environment

  • minio-playground main branch (post PR #5 merge)
  • Any browser

Lineage

plan-minio-mobile → Phase 1 (QA nits from PR #5)

File Targets

  • app.js — wrap bucket.name in escapeHtml() in renderBucketList(), encode role in renderBottomNav(), wrap obj.contentType in escapeHtml() in renderDetail()

Acceptance Criteria

  • All mock data values escaped before innerHTML
  • All URL params encoded with encodeURIComponent()
  • All pages still render at 390px

Checklist

  • PR opened
  • No unrelated changes

Related

  • phase-minio-mobile-1-playground-auth — source phase
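
The three fixes listed under File Targets, sketched as an added example that is not code from the minio-playground repo. The markup, the `page` query key and the sample values are assumptions, and the `escapeHtml()` body is one common implementation of the helper the issue names.

```javascript
// Added example: markup and data shapes are hypothetical, not the repo's app.js.
// escapeHtml() is named in the issue; this body is an assumed implementation.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Nit 1: bucket.name lands in element content, so it is HTML-escaped.
function renderBucketList(buckets) {
  return buckets
    .map((bucket) => `<li class="bucket">${escapeHtml(bucket.name)}</li>`)
    .join('');
}

// Nit 2: role lands in a query string inside an href attribute.
// encodeURIComponent() protects the URL syntax (& = space ...), but it leaves
// ' ( ) ! * ~ untouched, so the finished href is also HTML-escaped for the
// attribute context. The "page" key is a hypothetical second parameter.
function renderBottomNav(role) {
  const href = `?page=buckets&role=${encodeURIComponent(role)}`;
  return `<a class="nav" href="${escapeHtml(href)}">Buckets</a>`;
}

// Nit 3: obj.contentType is escaped like any other value, whatever its source.
function renderDetail(obj) {
  return `<dd class="content-type">${escapeHtml(obj.contentType)}</dd>`;
}

// Constructed mock data matching the repro steps (names containing & and <).
const mockBuckets = [{ name: 'logs & <archives>' }];
const mockObject = { contentType: 'text/<html>' };
const mockRole = "a'b&c";

console.log(renderBucketList(mockBuckets));
console.log(renderBottomNav(mockRole));
console.log(renderDetail(mockObject));
```

The returned strings are what would be assigned to `innerHTML`; the browser's parser turns `&amp;` in the href back into `&` before the URL is resolved, so the `role` value round-trips intact.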