fix(frontend): handlePaste deduplication and MIME extension sanitization#211
Open
smeinecke wants to merge 2 commits into
Open
fix(frontend): handlePaste deduplication and MIME extension sanitization#211smeinecke wants to merge 2 commits into
smeinecke wants to merge 2 commits into
Conversation
- Remove data.files loop to prevent double-adding pasted files. The DataTransfer.items iteration already covers all files. - Add mimeToExt() helper: lookup map for common compound MIME types (e.g. image/svg+xml -> svg) and strip +suffix from subtype fallback. Fixes invalid extensions like .svg+xml or .vnd.openxmlformats...
Owner
|
Thanks for the mime stuff! I would like to use the mime.getExtension('application/json'); // ⇨ 'json'Regarding the duplication: i see where this is coming from, but cannot reproduce in ff and/or chrome. How can I repro? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As I checked #208, I found some other bugs I introduced.
Bug 1:
handlePastedouble-adds pasted filesIn
handlePaste, the code first pushes all entries fromdata.filesintoraw[], then iteratesdata.itemsand pushes everykind === 'file'item — but per spec these represent the same files. Thename|sizededup on line 86 hides this in most cases, but two intentionally identical files get silently merged into one.Fix: iterate only
data.items(filteringkind === 'file') and skip thedata.filesloop entirely.Bug 2: MIME subtype used verbatim as file extension
For
image/svg+xmlthis produces.svg+xml, and for.docxit produces.vnd.openxmlformats-officedocument.... Recipients download files with broken extensions.Fix: add a
mimeToExt()helper with a lookup map for compound MIME types (image/svg+xml→svg, etc.) and strip+suffixfrom the subtype fallback.