Claude skills walkthrough, feature-walkthrough, and before/after #6862
Frooodle wants to merge 1 commit into
Conversation
🚀 V2 Auto-Deployment Complete! Your V2 PR with embedded architecture has been deployed! 🔗 Direct Test URL (non-SSL) http://54.175.155.236:6862 🔐 Secure HTTPS URL: https://6862.ssl.stirlingpdf.cloud This deployment will be automatically cleaned up when the PR is closed. 🔄 Auto-deployed for approved V2 contributors.
| (function(){ | ||
| var D = window.__BA__ || { tabs: [] }; | ||
| var root = document.getElementById("root"); | ||
| function el(html){ var t=document.createElement("template"); t.innerHTML=html.trim(); return t.content.firstChild; } |
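Review bot: `el(html)` parses whatever string it is given through `template.innerHTML`, so every value that reaches it from `window.__BA__` (the `tabs` array) is interpreted as markup rather than text. That is acceptable while `__BA__` is generated locally by the skill, which is the basis of the "test doc not live" ignore, but it makes `el` the single choke point for any later change that routes PR-derived strings (file names, finding titles) into the report. Suggest keeping `el` for static markup only and setting dynamic strings with `textContent` after the element is created, so the report stays safe if the data source changes.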
Using document write methods can lead to XSS attacks - high severity
User controlled data in methods like 'innerHTML', 'outerHTML' or 'document.write' is an anti-pattern that can lead to XSS vulnerabilities.
Remediation: Make sure you do not use user input when you are using these methods and if you do, be sure to sanitize the input.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
✅ Based on your feedback, we ignored this issue because of the following reason:
test doc not live
| li.innerHTML = '<span class="sev ' + sevClass(f.severity) + '">' + (f.severity || "note") + '</span>' + | ||
| '<span><b>' + (f.title || "") + '</b> — ' + (f.detail || "") + | ||
| (f.fix ? ' <span class="fix"><b>Fix:</b> ' + f.fix + '</span>' : '') + '</span>'; |
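Review bot: every field of `f` (`severity`, `title`, `detail`, `fix`) is concatenated unescaped into `li.innerHTML`, and `f.severity` also flows into a class attribute through `sevClass`. Suggest building the `<span>` elements with `document.createElement` and assigning the strings via `textContent`, or passing each field through an HTML escaper before concatenation; if `f.fix` is meant to carry markup, document that contract so later callers do not pass untrusted text into it.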
Using document write methods can lead to XSS attacks - high severity
User controlled data in methods like 'innerHTML', 'outerHTML' or 'document.write' is an anti-pattern that can lead to XSS vulnerabilities.
Remediation: Make sure you do not use user input when you are using these methods and if you do, be sure to sanitize the input.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
✅ Based on your feedback, we ignored this issue because of the following reason:
test doc not live
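The two innerHTML findings above are the same defect: report data is concatenated into markup as-is. The following is an added example, not code from this PR, showing the finding-list renderer rebuilt so that the markup structure stays fixed and every dynamic field is escaped before it is concatenated. It assumes the same finding shape the snippet uses (`severity`, `title`, `detail`, `fix`, all optional strings) and restricts the severity class to a fixed allow-list; the sample finding is constructed for the demonstration.

```javascript
// Added example (not from the PR): finding-list renderer with every dynamic
// field HTML-escaped before concatenation. The finding shape (severity, title,
// detail, fix) mirrors the snippet under review; the allow-list of severities
// is an assumption for the example.

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the five characters that can break out of text or attribute context.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Map a severity to a CSS class from a fixed allow-list; anything unknown
// becomes "note", so an arbitrary string never lands in a class attribute.
const KNOWN_SEVERITIES = new Set(["high", "medium", "low", "note"]);
function sevClass(severity) {
  const s = String(severity ?? "note").toLowerCase();
  return KNOWN_SEVERITIES.has(s) ? s : "note";
}

// Build the <li> body for one finding. The tags are constants; the data is
// escaped, so a title such as 'Save <script>x()</script>' renders as text.
function renderFindingHtml(f) {
  let html = '<span class="sev ' + sevClass(f.severity) + '">' +
    escapeHtml(f.severity || "note") + '</span>';
  html += '<span><b>' + escapeHtml(f.title || "") + '</b> - ' + escapeHtml(f.detail || "");
  if (f.fix) html += ' <span class="fix"><b>Fix:</b> ' + escapeHtml(f.fix) + '</span>';
  return html + '</span>';
}

// Constructed sample: a finding whose title carries markup, as a string
// lifted from a PR (a button label, a file name) might.
const SAMPLE_FINDING = {
  severity: "high",
  title: 'Label "Save" <script>x()</script> is clipped',
  detail: "Button text overflows in RTL",
  fix: "Use textContent",
};
```

The same approach applies to the `el(html)` helper in the first finding: keep it for static markup and set dynamic strings with `textContent`, or route them through `escapeHtml` as here.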
| const PAD = Number(process.env.DIFF_PAD ?? "24"); | ||
| const PAGEWIDE = Number(process.env.DIFF_PAGEWIDE ?? "0.6"); | ||
|
|
||
| const read = (p) => PNG.sync.read(fs.readFileSync(p)); |
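Review bot: `Number(process.env.DIFF_PAD ?? "24")` accepts any string, so `DIFF_PAD=abc` yields `NaN` and an empty `DIFF_PAD=` yields `0`; the same holds for `DIFF_PAGEWIDE`. A `NaN` pad would silently produce `NaN` crop coordinates wherever the script adds it. Suggest validating both with `Number.isFinite` and falling back to the default, and since the `0.6` default reads as a fraction of the page, rejecting a `DIFF_PAGEWIDE` outside `[0, 1]` as a misconfiguration. Separately, `read(p)` reads any path it is handed; the paths come from the screenshot directories the script itself derives, so the exposure is low, but a resolve-and-prefix check against those directories costs one line.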
Potential file inclusion attack via reading file - medium severity
If an attacker can control the input leading into the ReadFile function, they might be able to read sensitive files and launch further attacks with that information.
| const read = (p) => PNG.sync.read(fs.readFileSync(p)); | |
| const read = (p) => { const rel = path.relative(beforeDir, p); if (rel.startsWith('..') || path.isAbsolute(rel)) throw new Error('Invalid path'); return PNG.sync.read(fs.readFileSync(p)); }; |
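Review bot: the suggested guard compares against `beforeDir` only; if, as the description says, the script screenshots both before (base) and after (head) and reads both sets through this helper, the guard as written would throw on every file from the head directory. It also uses `path`, which is not required in the visible lines. Suggest a small `readWithin(root, p)` that does `path.resolve(root, p)` and checks the result starts with `path.resolve(root) + path.sep`, called with the matching root for each side; `path.relative` plus `startsWith('..')` works too but should be applied per directory, not hard-wired to one of them.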
Reply @AikidoSec ignore: [REASON] to ignore this issue.
✅ Based on your feedback, we ignored this issue because of the following reason:
test doc not live
Description of Changes
Add review only Claude skills
Skills (using #6655 as the example for the example files)
/ui-walkthrough - captures every state of a feature's UI (empty/populated/dialogs, light + dark + RTL) via the stubbed Playwright harness, builds a single-image HTML report with a global light/dark slider, then runs visual-consistency + UX review passes. --fix auto-applies safe fixes and re-shoots. (attachment: REAL-ui-walkthrough-pr6655.html)
/feature-walkthrough - explains a branch end-to-end (Mermaid diagrams, annotated file map, before/after, "try it locally") so a reviewer with no prior context can follow it. (attachment: REAL-feature-walkthrough-pr6655.html)
/ui-before-after - generic branch/PR visual diff: derives the changed UI from the diff, screenshots before (base) vs after (head), pixel-diffs, auto-crops each pair to the region that actually changed (full-page only when the change is page-wide), and builds PR-ready before/after montages. (attachment: REAL-ui-before-after-pr6655.html)
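The auto-crop step of /ui-before-after (pixel-diff, crop to the changed region, fall back to full page when the change is page-wide) is the part a reviewer is most likely to want to reason about. The block below is an added example, not the skill's own script: it works on raw RGBA buffers so it runs without pngjs, and it treats the `DIFF_PAD` / `DIFF_PAGEWIDE` values from the snippet above as a pixel padding and a page-area fraction. Those interpretations, the same-size assumption for the two screenshots, the per-channel tolerance, and the sample images are all assumptions made for the example.

```javascript
// Added example (not the PR's code): the auto-crop decision on raw RGBA
// buffers. Assumptions (mine, not the skill's): both screenshots have the
// same dimensions; a pixel counts as changed when any channel differs by more
// than `tolerance`; the crop falls back to the full page when the changed
// bounding box covers at least `pagewide` of the page area.

// Parse an environment value like DIFF_PAD / DIFF_PAGEWIDE, falling back
// when it is missing, empty, or not a finite number (Number("abc") is NaN,
// Number("") is 0, and neither should silently reach the crop arithmetic).
function envNumber(raw, fallback) {
  if (raw === undefined || raw === null || raw === "") return fallback;
  const n = Number(raw);
  return Number.isFinite(n) ? n : fallback;
}

// Bounding box (inclusive coordinates) of all differing pixels, or null when
// the two images are identical within the tolerance.
function changedBox(before, after, width, height, tolerance = 0) {
  if (before.length !== after.length || before.length !== width * height * 4) {
    throw new Error("buffers must be RGBA and match width*height");
  }
  let x0 = width, y0 = height, x1 = -1, y1 = -1;
  for (let y = 0; y < height; y++) {
    for (let x = 0; x < width; x++) {
      const i = (y * width + x) * 4;
      let differs = false;
      for (let c = 0; c < 4; c++) {
        if (Math.abs(before[i + c] - after[i + c]) > tolerance) { differs = true; break; }
      }
      if (!differs) continue;
      if (x < x0) x0 = x;
      if (y < y0) y0 = y;
      if (x > x1) x1 = x;
      if (y > y1) y1 = y;
    }
  }
  return x1 < 0 ? null : { x0, y0, x1, y1 };
}

// Decide the crop region: the padded bounding box, or the whole page when the
// unpadded box already covers `pagewide` of the area.
function cropRegion(before, after, width, height, opts = {}) {
  const pad = envNumber(opts.pad, 24);        // mirrors DIFF_PAD default
  const pagewide = envNumber(opts.pagewide, 0.6); // mirrors DIFF_PAGEWIDE default
  const box = changedBox(before, after, width, height, opts.tolerance ?? 0);
  if (!box) return null;
  const boxArea = (box.x1 - box.x0 + 1) * (box.y1 - box.y0 + 1);
  if (boxArea / (width * height) >= pagewide) {
    return { x0: 0, y0: 0, x1: width - 1, y1: height - 1, fullPage: true };
  }
  return {
    x0: Math.max(0, box.x0 - pad),
    y0: Math.max(0, box.y0 - pad),
    x1: Math.min(width - 1, box.x1 + pad),
    y1: Math.min(height - 1, box.y1 + pad),
    fullPage: false,
  };
}

// Constructed sample: a 40x30 white page and copies with a region repainted.
const W = 40, H = 30;
function whitePage() { return new Uint8Array(W * H * 4).fill(255); }
function paint(buf, x, y, w, h) {
  for (let yy = y; yy < y + h; yy++) {
    for (let xx = x; xx < x + w; xx++) {
      const i = (yy * W + xx) * 4;
      buf[i] = 200; buf[i + 1] = 30; buf[i + 2] = 30; // alpha left at 255
    }
  }
  return buf;
}
const BEFORE = whitePage();
const AFTER_SMALL = paint(whitePage(), 10, 5, 6, 4);  // a button-sized change
const AFTER_WIDE = paint(whitePage(), 0, 0, 30, 30);  // 75% of the page
```

With the defaults, `cropRegion(BEFORE, AFTER_SMALL, W, H)` returns a box padded by 24 pixels and clamped to the page, while the 75% repaint trips the page-wide threshold and returns the full page. The area test runs on the unpadded box on purpose: padding is a presentation choice and should not push a small change over the threshold.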
Checklist
General
Documentation
Translations (if applicable)
scripts/counter_translation.py
UI Changes (if applicable)
Testing (if applicable)
task check to verify linters, typechecks, and tests pass