
fix: sanitize search snippets to prevent XSS from indexed summaries #2

Open

farce1 wants to merge 1 commit into main from codex/propose-fix-for-fts-xss-vulnerability

Conversation


@farce1 farce1 commented Apr 10, 2026

Motivation

  • The FTS upsert concatenates user-editable or LLM-generated summary content into the meetings_fts.transcript_text column which is later used by SQLite snippet() and returned as raw HTML.
  • Search snippets were rendered with dangerouslySetInnerHTML without sanitization, creating an XSS vector if a summary contains HTML/JS.

Description

  • Added sanitizeSearchSnippetHtml to src/views/LibraryView.tsx which HTML-escapes snippet content and then allowlists the <mark> tag so FTS highlight markup still renders.
  • Updated renderSearchSnippet to return sanitized HTML via the new sanitizer while preserving existing dangerouslySetInnerHTML usage.
  • Change is minimal and client-side only and keeps search highlighting behavior while preventing arbitrary HTML/JS execution from snippets.

Testing

  • Ran npm test which completed successfully (14 tests passed).
  • Ran npm run build; the first build failed due to use of String.replaceAll. The sanitizer was then adjusted to use regex replace calls, and the subsequent npm run build succeeded.
  • Confirmed the change updates src/views/LibraryView.tsx and that search UI still renders with highlight marks while snippet content is escaped.
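The escape-then-allowlist approach the description outlines, written out as an added example; this is not the PR's diff or the project's code. The names sanitizeSearchSnippetHtml and renderSearchSnippet are taken from the description, while escapeHtml, renderUnsafe, containsForeignTag, highlightWithSentinels and the sample snippets are assumptions made for illustration. The example also goes slightly beyond the PR: highlightWithSentinels shows the variant you can use when the snippet() call's highlight markers are under your control, so a literal "<mark>" typed into a summary is never promoted to markup.

```typescript
// Added example (not the project's code). Escape everything first, then
// restore only the exact, attribute-free highlight tags that FTS snippet()
// emits. Identifier names other than those in the PR description are assumed.

// Entity map for the five HTML-significant characters.
const ENTITY_MAP: Record<string, string> = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Regex replace rather than String.replaceAll, mirroring the build-target
// constraint the PR ran into.
function escapeHtml(text: string): string {
  return text.replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch] ?? ch);
}

// Step 1 escapes the whole snippet, so nothing from the indexed summary can
// be parsed as markup. Step 2 re-enables the bare <mark> and </mark> tags.
// "<mark onmouseover=...>" stays escaped because only the exact bare tag
// is matched.
function sanitizeSearchSnippetHtml(raw: string): string {
  return escapeHtml(raw)
    .replace(/&lt;mark&gt;/g, "<mark>")
    .replace(/&lt;\/mark&gt;/g, "</mark>");
}

// Constructed sample snippets, shaped like snippet(meetings_fts, ...) output
// when an indexed summary carries attacker-controlled HTML.
const SAMPLE_SNIPPETS: string[] = [
  "Discussed the <mark>budget</mark> for Q3",
  "<img src=x onerror=alert(1)> <mark>budget</mark> review",
  "<mark onmouseover=alert(1)>budget</mark> forecast",
  'Quote: "a & b" <mark>budget</mark>',
];

// The vulnerable path: the snippet reaches dangerouslySetInnerHTML untouched.
function renderUnsafe(snippet: string): { __html: string } {
  return { __html: snippet };
}

// The hardened path: same dangerouslySetInnerHTML shape, sanitized payload.
function renderSearchSnippet(snippet: string): { __html: string } {
  return { __html: sanitizeSearchSnippetHtml(snippet) };
}

// True if any tag other than a bare <mark> or </mark> survives in the HTML.
function containsForeignTag(html: string): boolean {
  return /<(?!\/?mark>)[^>]*>/.test(html);
}

// Sentinel variant (assumption: you control the snippet() call and pass
// non-HTML markers such as "\u0001" and "\u0002" instead of "<mark>").
// User text can contain "<mark>" and it is still escaped, because only the
// control-character markers are turned into tags after escaping.
function highlightWithSentinels(
  raw: string,
  open = "\u0001",
  close = "\u0002",
): string {
  return escapeHtml(raw).split(open).join("<mark>").split(close).join("</mark>");
}
```

The allowlist step restores `</mark>` even when no matching `<mark>` was opened (see the third sample), which is a harmless stray close tag, not an injection; a summary that literally contains "<mark>" will render highlighted, which is a cosmetic oddity rather than a security issue. If that matters, the sentinel variant removes the ambiguity. Because the fix is client-side only, any other consumer of meetings_fts snippets (an API, an export, another view) needs the same treatment or should receive the sentinel form and do its own escaping.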
