Client web/7416 disable image pasting when hide image options flag is true

[reactoholic]

Commit # fb90270 - one line fixer for Verified sign for organizations

Commit # 6711095 - prevent image pasting if hideImageOptions flag is true

Summary by CodeRabbit

• New Features

  • Enhanced markdown input paste handling with image and HTML content restrictions
  • Added option to hide image options during paste events

• Style

  • Updated comments for improved clarity in markdown input component
  • Modified BlockTitle component styling in organization verified status view

[coderabbitai]

Walkthrough

The pull request introduces two distinct changes: first, in the MarkdownInput component, a new function is added to streamline the detection of images and HTML content containing <img> tags, enhancing the paste handling logic. This includes a check for the hideImageOptions prop to block pasting images when enabled. Second, in the OrganizationVerifiedStatus component, the BlockTitle variant is modified to "caption" for styling purposes.

Changes

File	Change Summary
src/core/ui/forms/MarkdownInput/MarkdownInput.tsx	Added isImageOrHtmlWithImage function for improved paste handling; updated logic to check hideImageOptions prop; refined comments
src/domain/community/contributor/organization/OrganizationVerifiedStatus.tsx	Modified BlockTitle component to use variant="caption"

Possibly related PRs

• implement image pasting in md editor #7387: Implements image pasting functionality in the Markdown editor, which is directly related to the paste handling changes in this PR.

Suggested labels

feature

Suggested reviewers

• bobbykolev

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)

Line range hint 148-187: Add file validation for uploaded images

Consider adding validation for:

• File size limits
• Allowed image formats
• Image dimensions

Example implementation:

const validateImageFile = (file: File) => {
  const MAX_SIZE = 5 * 1024 * 1024; // 5MB
  const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];
  
  if (file.size > MAX_SIZE) {
    notify(t('components.file-upload.file-too-large'), 'error');
    return false;
  }
  
  if (!ALLOWED_TYPES.includes(file.type)) {
    notify(t('components.file-upload.invalid-file-type'), 'error');
    return false;
  }
  
  return true;
};

Then use it before uploading:

  if (file) {
+   if (!validateImageFile(file)) {
+     return;
+   }
    const reader = new FileReader();

🧹 Nitpick comments (1)

src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)

121-146: Consider using a more robust HTML parsing approach

While the current implementation works, using string.includes('<img') for HTML parsing could lead to false positives. Consider using a proper HTML parser or a more specific regex pattern.

Example improvement:

- if (htmlContent.includes('<img')) {
+ const imgTagPattern = /<img[^>]*>/i;
+ if (imgTagPattern.test(htmlContent)) {

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a32be0e and 6711095.

📒 Files selected for processing (2)

• src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (2 hunks)
• src/domain/community/contributor/organization/OrganizationVerifiedStatus.tsx (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• src/domain/community/contributor/organization/OrganizationVerifiedStatus.tsx

🧰 Additional context used

📓 Path-based instructions (1)

src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)

Pattern src/**/*.{ts,tsx,js}: Review the React.js/TypeScript/JavaScript code for best practices and potential bugs.
Ensure that the code adheres to TypeScript's typing system and modern standards.
Use the following code guide documentation in the codebase: 'docs/code-guidelines.md'.
Ensure sufficient error handling and logging is present, but note:

• We have a global error handler in place. So local try/catch blocks are not required unless they provide value beyond what the global error handler already covers.
• Avoid flagging the absence of local error handling in cases where the global error handler suffices.
• Avoid flagging the absence of logging in cases where the global logger is already in place (graphql usage).

Inform about the recommendation of not using non-null assertion,
except on GraphQL queries where the variable is asserted non-null and followed by a
skip: with the same variable.
Examples:

• Not Required: there's a skip
  {
  variables: { templateId: templateId! },
  skip: !templateId,
  }

Check for common security vulnerabilities such as:

• SQL Injection
• XSS (Cross-Site Scripting)
• CSRF (Cross-Site Request Forgery)
• Insecure dependencies
• Sensitive data exposure

🔇 Additional comments (1)

src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)

191-203: Review the handling of multiple images in clipboard data

The current implementation stops processing after the first image is found. This might lead to missing additional images in the clipboard data when hideImageOptions is false.

Consider whether this is the intended behavior. If not, you might want to:

1. Process all images when hideImageOptions is false
2. Add a comment explaining why only the first image is processed

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (3)

128-128: Consider adding user feedback for storage configuration issues

When storage is not configured, silently falling back to default paste behavior might confuse users trying to paste images. Consider notifying users when image paste fails due to missing storage configuration.

 if (!storageBucketId) {
+  notify(t('components.markdown-input.storage-not-configured'), 'warning');
   return false;
 }

---

131-143: Consider enhancing HTML image detection

The current HTML image detection using includes('<img') might have false positives. Consider using a more robust approach like DOM parsing or regex.

 if (item.kind === 'string' && item.type === 'text/html') {
   const htmlContent = clipboardData.getData('text/html');
-  return htmlContent.includes('<img'); // HTML tag with image
+  // Use regex to match proper img tags
+  return /<img[\s\S]*?src=["']?(?:[^"'>]+)["']?[^>]*>/i.test(htmlContent);
 }

---

145-155: Add user feedback when image paste is blocked

When hideImageOptions is true and an image paste is blocked, users should be notified why their paste action failed.

 if (isImageOrHtmlWithImage(item)) {
   event.preventDefault();
+  notify(t('components.markdown-input.image-paste-disabled'), 'info');
   return true; // Block paste of images or HTML with images
 }

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6711095 and 5c3d752.

📒 Files selected for processing (1)

• src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)

Pattern src/**/*.{ts,tsx,js}: Review the React.js/TypeScript/JavaScript code for best practices and potential bugs.
Ensure that the code adheres to TypeScript's typing system and modern standards.
Use the following code guide documentation in the codebase: 'docs/code-guidelines.md'.
Ensure sufficient error handling and logging is present, but note:

• We have a global error handler in place. So local try/catch blocks are not required unless they provide value beyond what the global error handler already covers.
• Avoid flagging the absence of local error handling in cases where the global error handler suffices.
• Avoid flagging the absence of logging in cases where the global logger is already in place (graphql usage).

Inform about the recommendation of not using non-null assertion,
except on GraphQL queries where the variable is asserted non-null and followed by a
skip: with the same variable.
Examples:

• Not Required: there's a skip
  {
  variables: { templateId: templateId! },
  skip: !templateId,
  }

Check for common security vulnerabilities such as:

• SQL Injection
• XSS (Cross-Site Scripting)
• CSRF (Cross-Site Request Forgery)
• Insecure dependencies
• Sensitive data exposure

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Travis CI - Pull Request

🔇 Additional comments (1)

src/core/ui/forms/MarkdownInput/MarkdownInput.tsx (1)

122-122: LGTM: Appropriate fallback for missing clipboard data

The return value of false correctly allows default paste behavior when clipboard data is unavailable.