html-embed: minor hardening (strip root-node type-check; document client read-only relies solely on server strip) #30

New Issue

Ghost · 2026-06-20T20:31:54+03:00

Ghost commented

2026-06-20 20:31:54 +03:00

Found in security review of PR #16 (merged in 7a03321d).

Severity: nit.

stripHtmlEmbedNodes only filters children; the root node itself is never type-checked (apps/server/src/common/helpers/prosemirror/html-embed.util.ts ~L33-41). Not exploitable in practice (the document root is always doc), but a defensive root-type check would make the helper total.
Client read-only execution depends entirely on the server strip (html-embed-view.tsx:71). Correct by design, but it is the sole client-side safeguard for share viewers and deserves an explicit note/test.

Found in security review of PR #16 (merged in 7a03321d). **Severity: nit.** 1. `stripHtmlEmbedNodes` only filters children; the root node itself is never type-checked (`apps/server/src/common/helpers/prosemirror/html-embed.util.ts` ~L33-41). Not exploitable in practice (the document root is always `doc`), but a defensive root-type check would make the helper total. 2. Client read-only execution depends entirely on the server strip (`html-embed-view.tsx:71`). Correct by design, but it is the sole client-side safeguard for share viewers and deserves an explicit note/test.

Ghost referenced this issue from a commit

2026-06-20 21:52:45 +03:00

harden(html-embed): make stripHtmlEmbedNodes total with a root-type check (#30)

Ghost referenced this issue

2026-06-20 21:53:29 +03:00

fix(html-embed): complete kill-switch on read paths (#28) + total strip helper (#30) #46

Ghost referenced this issue from a commit

2026-06-21 01:59:42 +03:00

Merge pull request 'fix(html-embed): complete kill-switch on read paths (#28) + total strip helper (#30)' (#46) from fix/html-embed-hardening into develop

Ghost closed this issue

2026-06-21 02:05:22 +03:00

Sign in to join this conversation.