Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(dashboard): Add a disableOutputSanitization option for in app steps #7456

Merged
merged 1 commit into from
Jan 13, 2025
Merged

feat(dashboard): Add a disableOutputSanitization option for in app steps #7456

merged 1 commit into from
Jan 13, 2025

Conversation

desiprisg
Copy link
Contributor

What changed? Why was the change needed?

Screenshots

Expand for optional sections

Related enterprise PR

Special notes for your reviewer

@linear Linear
Copy link

linear bot commented Jan 8, 2025

NV-5142 Sanitize HTML Character References in the new Inbox API

@netlify Netlify
Copy link

netlify bot commented Jan 8, 2025
edited
Loading

Deploy Preview for dev-web-novu ready!

Name Link
🔨 Latest commit 1b682f7
🔍 Latest deploy log https://app.netlify.com/sites/dev-web-novu/deploys/67851d45927898000851d8bb
😎 Deploy Preview https://deploy-preview-7456.dashboard.novu-staging.co
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@netlify Netlify
Copy link

netlify bot commented Jan 8, 2025
edited
Loading

Deploy Preview for dashboard-v2-novu-staging ready!

Name Link
🔨 Latest commit 1b682f7
🔍 Latest deploy log https://app.netlify.com/sites/dashboard-v2-novu-staging/deploys/67851d45a8fa8200085de101
😎 Deploy Preview https://deploy-preview-7456.dashboard-v2.novu-staging.co
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@desiprisg desiprisg self-assigned this Jan 8, 2025
@desiprisg desiprisg marked this pull request as draft January 8, 2025 13:35
djabarovgeorge
djabarovgeorge reviewed Jan 8, 2025
View reviewed changes
...nvironments-v1/usecases/construct-framework-workflow/construct-framework-workflow.usecase.ts Outdated
@@ -215,6 +213,8 @@ export class ConstructFrameworkWorkflow {
// TODO: fix the `JSONSchemaDto` type to enforce a non-primitive schema type.
controlSchema: staticStep.template!.controls!.schema as JsonSchema,
skip: (controlValues: Record<string, unknown>) => this.processSkipOption(controlValues, fullPayloadForRender),
disableOutputSanitization:
(staticStep.controlVariables?.disableOutputSanitization as boolean | undefined) ?? false,
Copy link
Contributor

@djabarovgeorge djabarovgeorge Jan 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need to transfer this flat to boolean just in case we stored it in the db as "false"

in addition as mentioned in the DM staticStep.controlVariables is not available from the database. we need either fetch those controls or pass them from the framework to this scope.

@desiprisg desiprisg force-pushed the nv-5142-sanitize-html-character-references-in-the-new-inbox-api branch from 37d296e to 1e906ec Compare January 9, 2025 11:52
@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Jan 9, 2025
edited
Loading

Open in Stackblitz

@novu/client

npm i https://pkg.pr.new/novuhq/novu/@novu/client@7456

@novu/headless

npm i https://pkg.pr.new/novuhq/novu/@novu/headless@7456

@novu/node

npm i https://pkg.pr.new/novuhq/novu/@novu/node@7456

@novu/notification-center

npm i https://pkg.pr.new/novuhq/novu/@novu/notification-center@7456

novu

npm i https://pkg.pr.new/novuhq/novu@7456

@novu/providers

npm i https://pkg.pr.new/novuhq/novu/@novu/providers@7456

@novu/shared

npm i https://pkg.pr.new/novuhq/novu/@novu/shared@7456

commit: 1b682f7

@desiprisg desiprisg force-pushed the nv-5142-sanitize-html-character-references-in-the-new-inbox-api branch from 1e906ec to f759279 Compare January 10, 2025 09:13
@desiprisg desiprisg force-pushed the nv-5142-sanitize-html-character-references-in-the-new-inbox-api branch from f759279 to 8b4c88e Compare January 10, 2025 10:32
@desiprisg desiprisg force-pushed the nv-5142-sanitize-html-character-references-in-the-new-inbox-api branch from 8b4c88e to e98e667 Compare January 10, 2025 10:51
@desiprisg desiprisg force-pushed the nv-5142-sanitize-html-character-references-in-the-new-inbox-api branch from e98e667 to 16b350b Compare January 13, 2025 09:42
@desiprisg desiprisg force-pushed the nv-5142-sanitize-html-character-references-in-the-new-inbox-api branch from 16b350b to a251050 Compare January 13, 2025 10:46
@desiprisg desiprisg marked this pull request as ready for review January 13, 2025 11:02
djabarovgeorge
djabarovgeorge reviewed Jan 13, 2025
View reviewed changes
Copy link
Contributor

@djabarovgeorge djabarovgeorge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, great job! :)
Please ensure that we remove disableOutputSanitization in InAppOutputRendererUsecase, just like we remove skip. Unfortunately, we don’t have strict types there yet. I believe the framework (via the Output Schema) could throw a validation error for this mismatch.

On a related note, have we tested the full flow, including trigger execution?

@SokratisVidros SokratisVidros force-pushed the nv-5142-sanitize-html-character-references-in-the-new-inbox-api branch from a251050 to 1b682f7 Compare January 13, 2025 14:03
@SokratisVidros SokratisVidros merged commit 8f0db65 into next Jan 13, 2025
38 of 40 checks passed
@SokratisVidros SokratisVidros deleted the nv-5142-sanitize-html-character-references-in-the-new-inbox-api branch January 13, 2025 16:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djabarovgeorge djabarovgeorge djabarovgeorge left review comments

@SokratisVidros SokratisVidros SokratisVidros approved these changes

Assignees

@desiprisg desiprisg

Labels
@novu/api-service @novu/dashboard @novu/shared
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@desiprisg @SokratisVidros @djabarovgeorge