release(v2.6.1): fix(folderManager): replace Math.random SVG IDs with crypto-based UID helper

Ryan
2025-12-13 00:57:49 -05:00
committed by GitHub
parent c95544bd91
commit d3ffe6fd43
3 changed files with 29 additions and 2 deletions
+8
@@ -1,5 +1,13 @@
# Changelog
## Changes 12/13/2025 (v2.6.1)
release(v2.6.1): fix(folderManager): replace Math.random SVG IDs with crypto-based UID helper
- Add makeUid() using crypto.randomUUID() / crypto.getRandomValues() (with counter fallback) to avoid Math.random CodeQL findings.
- Use makeUid() for folderSVG() clipPath IDs and recycleBinSVG() IDs to prevent collisions and satisfy security linting.
- UI: tweak header button + header drop area icon padding for more consistent sizing.
## Changes 12/12/2025 (v2.6.0)
release(v2.6.0): Harden downloads and refresh recycle bin + toolbar UX
+5
@@ -979,6 +979,11 @@ label{font-size: 0.9rem;}
@media (max-width: 600px) {
.col-12.col-md-4.text-left{margin-left: -15px;}
}
.header-buttons button:not(#userDropdownToggle),
#headerDropArea .header-card-icon {
padding: 9px;
}
#fileListTitle{font-size: 1.8em;
margin-top: 10px;
margin-bottom: 10px;}
+16 -2
@@ -34,6 +34,20 @@ function detachFolderModalsToBody() {
document.addEventListener('DOMContentLoaded', detachFolderModalsToBody);
const PAGE_LIMIT = 100;
let _uidFallbackCounter = 0;
// Generate stable-ish unique IDs using crypto when available (avoids Math.random CodeQL finding).
function makeUid(prefix = 'uid') {
const cryptoObj = (typeof self !== 'undefined' && self.crypto) ? self.crypto : (typeof window !== 'undefined' ? window.crypto : undefined);
if (cryptoObj?.randomUUID) return `${prefix}-${cryptoObj.randomUUID()}`;
if (cryptoObj?.getRandomValues) {
const buf = new Uint32Array(2);
cryptoObj.getRandomValues(buf);
return `${prefix}-${buf[0].toString(36)}${buf[1].toString(36)}`;
}
_uidFallbackCounter = (_uidFallbackCounter + 1) % 0x7fffffff;
return `${prefix}-${Date.now().toString(36)}-${_uidFallbackCounter.toString(36)}`;
}
/* ----------------------
Helpers: safe JSON + state
@@ -538,7 +552,7 @@ async function expandAncestors(targetFolder) {
SVG icon helpers
----------------------*/
export function folderSVG(kind = 'empty', { locked = false } = {}) {
const gid = 'g' + Math.random().toString(36).slice(2, 8);
const gid = makeUid('g');
return `
<svg viewBox="0 0 24 24" aria-hidden="true" focusable="false" style="display:block;shape-rendering:geometricPrecision">
<defs>
@@ -1117,7 +1131,7 @@ function isSafeFolderPath(p) {
const RECYCLE_BIN_ID = 'recycleBinRow';
export function recycleBinSVG(filled = false, size = 24) {
const uid = `rb-${Math.random().toString(36).slice(2, 9)}`;
const uid = makeUid('rb');
const level1Inside = filled ? `
<!-- Level 1: inside the mouth (subtle) -->
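Review bot: The comment above `makeUid` in the first hunk calls the IDs "stable-ish", but every branch returns a fresh value per call, and the last branch (`Date.now()` plus `_uidFallbackCounter`) is predictable by construction. That is fine for the clipPath and recycle-bin element IDs built in `folderSVG` and `recycleBinSVG`, but the generic name invites reuse, so I would reword the comment to something like `// Per-call unique DOM id only; the counter fallback is predictable, so never use this for tokens, nonces or other secrets.` `crypto.randomUUID` is exposed only in secure contexts, so on a plain-HTTP deployment the `getRandomValues` branch is the one that runs; there the two base-36 words are joined without a separator, and `${buf[0].toString(36)}-${buf[1].toString(36)}` would keep the encoding unambiguous. The bodies of `folderSVG` and `recycleBinSVG` continue outside their hunks.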