fix(kon): security audit fixes — CSP, XSS, unwraps, key rename
Security fixes from code audit:
- CSP re-enabled in tauri.conf.json with strict directives
(was null — critical vulnerability)
- XSS fix in viewer highlightText(): HTML entities escaped before
inserting <mark> tags via {@html}
- Removed 3 unwrap() calls in rule_based.rs British English conversion
— replaced with safe let-else guards
- Removed unwrap() on main window lookup in lib.rs setup — now uses
if-let for graceful handling
- Wrapped JSON.parse in DictationPage transcription-result listener
with try/catch
Rebrand cleanup:
- Renamed all localStorage keys from ramble_* to kon_* across
7 files (stores, viewer, float, history)
12 tests passing, clippy clean.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -113,7 +113,10 @@ pub fn to_british_english(text: &str) -> String {
|
||||
if let Ok(re) = regex_lite::Regex::new(&pattern) {
|
||||
result = re
|
||||
.replace_all(&result, |caps: ®ex_lite::Captures| {
|
||||
let matched = caps.get(0).unwrap().as_str();
|
||||
let Some(m) = caps.get(0) else {
|
||||
return String::new();
|
||||
};
|
||||
let matched = m.as_str();
|
||||
let us_base = us.replace("\\b", "");
|
||||
let base_len = us_base.len();
|
||||
let suffix = if matched.len() > base_len {
|
||||
@@ -121,12 +124,17 @@ pub fn to_british_english(text: &str) -> String {
|
||||
} else {
|
||||
""
|
||||
};
|
||||
let first_char = matched.chars().next().unwrap();
|
||||
let Some(first_char) = matched.chars().next() else {
|
||||
return String::new();
|
||||
};
|
||||
let uk_clean = uk.replace("\\b", "");
|
||||
if first_char.is_uppercase() {
|
||||
let mut chars = uk_clean.chars();
|
||||
let Some(first_uk) = chars.next() else {
|
||||
return String::new();
|
||||
};
|
||||
let upper_first: String =
|
||||
chars.next().unwrap().to_uppercase().collect();
|
||||
first_uk.to_uppercase().collect();
|
||||
format!(
|
||||
"{}{}{}",
|
||||
upper_first,
|
||||
|
||||
Reference in New Issue
Block a user