mirror of
https://github.com/siteboon/claudecodeui.git
synced 2026-07-02 18:43:08 +08:00
fix(file-viewer): address review feedback on media preview
- Never write preview-only or binary files: handleSave is a no-op when previewKind/isBinary, and the text buffer is cleared when switching to a media/binary file, so Cmd/Ctrl+S can no longer post a stale or empty buffer over the file on disk (CodeRabbit: Data Integrity, Critical). - Choose the fallback MIME type per file extension (single source of truth in previewableFile.ts) instead of per preview-kind, and only override when the server Content-Type is missing or generic, so webm/ogv/ogg/flac/svg render correctly (CodeRabbit: Functional Correctness, Major). - Harden the PDF iframe: validate the %PDF- magic bytes and pin the blob MIME to application/pdf so a mislabeled HTML/SVG file can't execute in the app origin. A sandbox attribute is intentionally not used because Chromium's built-in PDF viewer will not load inside any sandboxed frame (CodeRabbit: Security, Critical). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -44,13 +44,17 @@ export const useCodeEditorDocument = ({ file, projectPath }: UseCodeEditorDocume
|
||||
|
||||
// Natively previewable media (image/pdf/audio/video) is rendered by
|
||||
// CodeEditorMediaPreview, so there is nothing to read as text here.
|
||||
// Clear any buffer left over from a previously opened text file so a
|
||||
// stray save can't write stale content over the binary file.
|
||||
if (getPreviewKind(file.name)) {
|
||||
setContent('');
|
||||
setLoading(false);
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if file is binary by extension
|
||||
if (isBinaryFile(file.name)) {
|
||||
setContent('');
|
||||
setIsBinary(true);
|
||||
setLoading(false);
|
||||
return;
|
||||
@@ -87,6 +91,12 @@ export const useCodeEditorDocument = ({ file, projectPath }: UseCodeEditorDocume
|
||||
}, [file.diffInfo, file.name, fileDiffNewString, fileDiffOldString, fileName, filePath, fileProjectId]);
|
||||
|
||||
const handleSave = useCallback(async () => {
|
||||
// Preview-only and binary files have no editable text buffer; never write
|
||||
// them back (e.g. via Cmd/Ctrl+S) or we'd corrupt the file on disk.
|
||||
if (previewKind || isBinaryFile(fileName)) {
|
||||
return;
|
||||
}
|
||||
|
||||
setSaving(true);
|
||||
setSaveError(null);
|
||||
|
||||
@@ -120,7 +130,7 @@ export const useCodeEditorDocument = ({ file, projectPath }: UseCodeEditorDocume
|
||||
} finally {
|
||||
setSaving(false);
|
||||
}
|
||||
}, [content, filePath, fileProjectId]);
|
||||
}, [content, filePath, fileProjectId, previewKind, fileName]);
|
||||
|
||||
const handleDownload = useCallback(() => {
|
||||
const blob = new Blob([content], { type: 'text/plain' });
|
||||
|
||||
Reference in New Issue
Block a user