Feature html viz

[tonywu1999]

Checklist Before Requesting a Review

• I have read the MSstats contributing guidelines
• My changes generate no new warnings
• Any dependent changes have been merged and published in downstream modules
• Ran styler::style_pkg(transformers = styler::tidyverse_style(indent_by = 4))
• Ran devtools::document()

---

PR Type

Enhancement, Documentation

---

Description

• Add HTML export & preview functions

• Implement color mapping & styling utils

• Update NAMESPACE exports & imports

• Provide Rd docs for new functions

---

Diagram Walkthrough

flowchart LR
  data["Nodes & Edges Data"]
  elements["createNodeElements & createEdgeElements"]
  config["generateCytoscapeConfig"]
  html["exportCytoscapeToHTML"]
  preview["previewNetworkInBrowser"]

  data --> elements
  elements --> config
  config --> html
  html --> preview

Loading

File Walkthrough

	Relevant files
Configuration changes	NAMESPACE Update exports and imports for HTML viz                                    NAMESPACE Export new HTML viz functions Import grDevices::colorRamp, rgb Import utils::browseURL +6/-0
Enhancement	visualizeNetworksWithHTML.R Add Cytoscape HTML visualization functions                              R/visualizeNetworksWithHTML.R Add mapLogFCToColor for node coloring Define relationship props & edge consolidation Create node/edge element & style config functions Implement export & preview HTML functions +941/-0
Documentation	exportNetworkToHTML.Rd Document exportNetworkToHTML                                                          man/exportNetworkToHTML.Rd Add documentation for exportNetworkToHTML +32/-0    generateCytoscapeConfig.Rd Document generateCytoscapeConfig                                                  man/generateCytoscapeConfig.Rd Add documentation for generateCytoscapeConfig +38/-0    generateJavaScriptCode.Rd Document generateJavaScriptCode                                                    man/generateJavaScriptCode.Rd Add documentation for generateJavaScriptCode +17/-0    previewNetworkInBrowser.Rd Document previewNetworkInBrowser                                                  man/previewNetworkInBrowser.Rd Add documentation for previewNetworkInBrowser +20/-0

---

[coderabbitai]

Walkthrough

This update introduces a new R script for exporting and visualizing networks as interactive Cytoscape.js HTML files. Three new public functions (exportNetworkToHTML, generateCytoscapeConfig, previewNetworkInBrowser) are added, with corresponding documentation and NAMESPACE exports. Additional package dependencies for color and browser utilities are declared.

Changes

Cohort / File(s)	Change Summary
NAMESPACE and Imports NAMESPACE	Added exports for exportNetworkToHTML, generateCytoscapeConfig, and previewNetworkInBrowser. Imported colorRamp and rgb from grDevices, and browseURL from utils.
Cytoscape Visualization Functions R/visualizeNetworksWithHTML.R	Introduced a new script implementing functions for generating Cytoscape.js configuration, exporting to HTML, mapping node/edge attributes to styles, and providing browser preview. Added helper utilities for color mapping, edge consolidation, and legend generation. Main functions include generateCytoscapeConfig, exportCytoscapeToHTML, exportNetworkToHTML, and previewNetworkInBrowser.
Documentation: exportNetworkToHTML man/exportNetworkToHTML.Rd	Added documentation for exportNetworkToHTML, describing its parameters, usage, and return value as a convenience wrapper for exporting network data to HTML.
Documentation: generateCytoscapeConfig man/generateCytoscapeConfig.Rd	Added documentation for generateCytoscapeConfig, detailing its arguments, expected input/output, and purpose as a Cytoscape configuration generator.
Documentation: generateJavaScriptCode man/generateJavaScriptCode.Rd	Added documentation for generateJavaScriptCode, an internal function for converting configuration objects to JavaScript code.
Documentation: previewNetworkInBrowser man/previewNetworkInBrowser.Rd	Added documentation for previewNetworkInBrowser, describing its usage for temporary HTML preview of network data in a browser.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant R_Package
    participant Browser

    User->>R_Package: Call exportNetworkToHTML(nodes, edges, ...)
    R_Package->>R_Package: generateCytoscapeConfig(node_elements, edge_elements, ...)
    R_Package->>R_Package: exportCytoscapeToHTML(config, filename, ...)
    R_Package->>File: Write standalone HTML file
    User->>R_Package: Optionally call previewNetworkInBrowser(nodes, edges, ...)
    R_Package->>R_Package: Generate temp HTML
    R_Package->>Browser: Open HTML file via browseURL

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

In the meadow of code, new networks now gleam,
HTML and Cytoscape—what a sparkling team!
With colors and legends, the nodes proudly show,
Edges entwine in a browser's warm glow.
Hop, hop, hooray!—visualizations take flight,
A rabbit’s delight, in pixels so bright.
🐇✨

Note

🔌 MCP (Model Context Protocol) integration is now available in Early Access!

Pro users can now connect to remote MCP servers under the Integrations page to get reviews and chat conversations that understand additional development context.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature-html-viz

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 5 🔵🔵🔵🔵🔵

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Legend Detection The createLegend JavaScript function unconditionally sets hasLogFC to true, leading to an incorrect gradient legend even when no logFC data is present. // Check if nodes have logFC data const nodes = cy.nodes(); let hasLogFC = false; let logFCValues = []; nodes.forEach(function(node) { const nodeData = node.data(); // Try to extract logFC from color or check if we can determine logFC values HTML Injection Risk User-supplied values (e.g., title, custom_css, custom_js) are concatenated directly into the HTML/JavaScript without escaping, which may cause injection or break the output. html_content <- paste0('<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>', title, '</title> <!-- Cytoscape.js and dependencies --> Performance Concern The consolidateEdges function loops over rows and filters inside the loop (O(n²) complexity), which may not scale for large networks. for (i in 1:nrow(edges)) { edge <- edges[i, ] pair_key <- paste(sort(c(edge$source, edge$target)), edge$interaction, collapse = "-") reverse_key <- paste(sort(c(edge$source, edge$target), decreasing = TRUE), edge$interaction, sep = "-") # Skip if we've already processed this pair if (pair_key %in% processed_pairs) next # Determine relationship category interaction_type <- edge$interaction category <- "other" for (cat_name in names(relationship_props)) { if (interaction_type %in% relationship_props[[cat_name]]$types) { category <- cat_name break } } # Find reverse edge if it exists reverse_edges <- edges[edges$source == edge$target & edges$target == edge$source & edges$interaction == edge$interaction, ]

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Correct edge key assembly The current pair_key generation misplaces separators due to recycling of vectors in paste, leading to malformed keys. Construct the key by collapsing a single concatenated vector of source, target, and interaction to ensure consistent formatting. Apply the same approach for reverse_key. R/visualizeNetworksWithHTML.R [98] -pair_key <- paste(sort(c(edge$source, edge$target)), edge$interaction, collapse = "-") +pair_key <- paste(c(edge$source, edge$target, edge$interaction), collapse = "-") Suggestion importance[1-10]: 8 __ Why: The original paste call produces malformed pair_key values, breaking bidirectional consolidation logic.	Medium
General	Clamp normalized values to [0,1] To prevent out-of-range inputs to colorRamp, clamp normalized_values to the [0,1] interval after normalization and before handling NA. This ensures color mapping remains valid even if values slightly exceed the expected range. R/visualizeNetworksWithHTML.R [28-31] normalized_values <- (logFC_values - min_logFC) / (max_logFC - min_logFC) +normalized_values <- pmin(pmax(normalized_values, 0), 1) normalized_values[is.na(normalized_values)] <- 0.5 # Default to middle color Suggestion importance[1-10]: 6 __ Why: Clamping prevents out-of-range values from causing unexpected colors or errors in colorRamp, enhancing robustness.	Low

[coderabbitai]

Actionable comments posted: 5

🔭 Outside diff range comments (1)

man/previewNetworkInBrowser.Rd (1)

18-21: Add missing return value documentation.

The documentation is missing a \value section. Even if the function is primarily called for its side effects (opening browser), it should document what it returns.

Add a value section:

 \item{...}{Additional arguments passed to exportCytoscapeToHTML()}
 }
+\value{
+Invisibly returns the file path of the temporary HTML file (or NULL if no value returned)
+}
 \description{

🧹 Nitpick comments (5)

man/exportNetworkToHTML.Rd (1)

15-18: Enhance data frame parameter documentation.

Consider adding more specific details about the expected structure and required columns for the nodes and edges data frames to help users understand the input requirements.

Example enhancement:

-\item{nodes}{Data frame with node information}
+\item{nodes}{Data frame with node information including required 'id' column and optional 'hgncName' column}

-\item{edges}{Data frame with edge information}
+\item{edges}{Data frame with edge information including 'source' and 'target' columns}

man/previewNetworkInBrowser.Rd (1)

9-12: Consider enhancing data frame parameter documentation.

Similar to exportNetworkToHTML, the nodes and edges parameter descriptions could be more specific about expected column structures.

R/visualizeNetworksWithHTML.R (3)

316-320: Improve layout option merging to preserve defaults

The current merging approach completely replaces default values. Consider using a safer merge that preserves defaults for unspecified options.

Use modifyList for safer merging:

    # Merge with custom layout options if provided
-   layout_config <- default_layout
-   if (!is.null(layout_options)) {
-       for (layout_name in names(layout_options)) {
-           layout_config[[layout_name]] <- layout_options[[layout_name]]
-       }
-   }
+   layout_config <- if (!is.null(layout_options)) {
+       utils::modifyList(default_layout, layout_options)
+   } else {
+       default_layout
+   }

---

501-878: Consider breaking down this large function

This function is 377 lines long, making it difficult to maintain and test. Consider extracting the HTML generation, CSS generation, and JavaScript generation into separate helper functions.

Break down into smaller functions:

• generateHTMLHead() - for meta tags and script imports
• generateCSS() - for all CSS styles
• generateLegendJS() - for legend creation JavaScript
• generateControlsHTML() and generateControlsJS() - already partially separated

This would improve maintainability and testability.

---

929-940: Consider adding temp file cleanup mechanism

Temporary HTML files created by this function will accumulate over time. Consider implementing a cleanup mechanism or using on.exit() to ensure cleanup in case of errors.

Add optional cleanup:

previewNetworkInBrowser <- function(nodes, edges, 
                                    displayLabelType = "id",
+                                   cleanup = FALSE,
                                    ...) {
    
    # Create elements
    node_elements <- createNodeElements(nodes, displayLabelType)
    edge_elements <- createEdgeElements(edges)
    
    # Generate configuration
    config <- generateCytoscapeConfig(node_elements, edge_elements)
    
    # Create temporary filename
    temp_file <- tempfile(fileext = ".html")
    
+   # Optional cleanup on exit
+   if (cleanup) {
+       on.exit(unlink(temp_file), add = TRUE)
+   }
+   
    # Export to temp file
    exportCytoscapeToHTML(config, temp_file, ...)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 64d5eff and 48702d0.

📒 Files selected for processing (6)

• NAMESPACE (3 hunks)
• R/visualizeNetworksWithHTML.R (1 hunks)
• man/exportNetworkToHTML.Rd (1 hunks)
• man/generateCytoscapeConfig.Rd (1 hunks)
• man/generateJavaScriptCode.Rd (1 hunks)
• man/previewNetworkInBrowser.Rd (1 hunks)

🔇 Additional comments (9)

NAMESPACE (2)

4-8: LGTM! Well-structured API additions.

The new exports are logically grouped and maintain alphabetical ordering. The three functions provide a clear progression: generate config → export to HTML → preview in browser.

---

21-22: Appropriate base R imports for visualization utilities.

The imports from grDevices (colorRamp, rgb) and utils (browseURL) are well-chosen for color mapping and browser integration respectively. Using base R packages avoids additional dependencies.

Also applies to: 34-34

man/generateJavaScriptCode.Rd (1)

1-18: LGTM! Appropriate documentation for internal function.

The documentation correctly identifies this as an internal function with concise but clear parameter and return value descriptions. Good practice to document internal utilities even when not exported.

man/exportNetworkToHTML.Rd (1)

22-22: LGTM! Clear parameter constraints.

Good documentation of the specific valid values for displayLabelType parameter ("id" or "hgncName").

man/generateCytoscapeConfig.Rd (3)

26-33: LGTM! Comprehensive return value documentation.

Excellent detailed documentation of the returned list structure with clear descriptions of each component. The inclusion of js_code for backward compatibility is well noted.

---

34-38: LGTM! Clear architectural description.

Good description emphasizing the decoupling from UI frameworks, which promotes reusability and modularity.

---

16-18: Helper functions verified – documentation is accurate.

The referenced createNodeElements() and createEdgeElements() helpers are implemented in R/visualizeNetworksWithHTML.R (lines 218 and 245). No changes needed.

R/visualizeNetworksWithHTML.R (2)

20-29: Potential division by zero in edge case

While the function handles the case where all non-NA values are the same (line 15), there's still a potential division by zero if max_logFC equals min_logFC after the default_max calculation. This could happen if all absolute values equal exactly the default_max.

Consider adding a check after computing min/max:

    max_logFC <- max(c(abs(logFC_values), default_max), na.rm = TRUE)
    min_logFC <- -1 * max_logFC
    
+   # Additional safety check
+   if (max_logFC == min_logFC) {
+       return(rep("#D3D3D3", length(logFC_values)))
+   }
+   
    # Create color mapping function

Likely an incorrect or invalid review comment.

---

861-863: Fix incorrect escape sequence in error handling

The escape sequence \\" will produce literal backslashes in the HTML output, which will cause JavaScript syntax errors.

Use proper escaping:

                document.getElementById("', config$container_id, '").innerHTML = 
-                   "<div style=\\"padding: 20px; text-align: center; color: red;\\">"+
-                   "Error loading visualization: " + error.message + "</div>";
+                   "<div style=\'padding: 20px; text-align: center; color: red;\'>"+
+                   "Error loading visualization: " + error.message + "</div>";

Likely an incorrect or invalid review comment.

[coderabbitai]

🛠️ Refactor suggestion

Add unit tests for the new visualization functions

This file introduces significant new functionality but doesn't include any unit tests. Consider adding tests to verify:

• Color mapping edge cases in mapLogFCToColor
• Edge consolidation logic in consolidateEdges
• JavaScript/HTML generation and escaping
• File export functionality

Would you like me to help generate a comprehensive test suite for these functions?

🤖 Prompt for AI Agents

In R/visualizeNetworksWithHTML.R covering the entire file (lines 1-941), the new
visualization functions lack unit tests. To fix this, create a test suite using
a testing framework like testthat that includes tests for mapLogFCToColor
covering normal and edge cases (e.g., all NA, uniform values), consolidateEdges
verifying correct merging of bidirectional edges and handling of missing
columns, generateJavaScriptCode and exportCytoscapeToHTML ensuring proper
JavaScript/HTML output and escaping, and file export functions confirming files
are created and contain expected content. This will improve code reliability and
maintainability.

[coderabbitai]

🛠️ Refactor suggestion

Unused variable and potential edge processing issue

The reverse_key variable on line 100 is created but never used. Additionally, the logic for tracking processed pairs may not correctly handle all edge cases.

Remove the unused variable:

        pair_key <- paste(sort(c(edge$source, edge$target)), edge$interaction, collapse = "-")
-       reverse_key <- paste(sort(c(edge$source, edge$target), decreasing = TRUE), edge$interaction, sep = "-")

Also applies to: 155-155

🤖 Prompt for AI Agents

In R/visualizeNetworksWithHTML.R at lines 99-100 and also line 155, remove the
unused variable `reverse_key` since it is created but never used. Review the
logic for tracking processed edge pairs to ensure it correctly handles all cases
without relying on this variable, and adjust the code accordingly to avoid
potential edge processing issues.

[coderabbitai]

⚠️ Potential issue

Security: Escape special characters to prevent JavaScript injection

The function directly concatenates user data into JavaScript strings without escaping special characters. This could lead to JavaScript injection if node IDs or labels contain quotes or other special characters.

Add proper escaping:

    apply(cbind(nodes, color = node_colors), 1, function(row) {
        # Use the appropriate label, fallback to id if hgncName is missing/empty
        display_label <- if(label_column == "hgncName" && !is.na(row['hgncName']) && row['hgncName'] != "") {
            row['hgncName']
        } else {
            row['id']
        }
        
+       # Escape special characters for JavaScript
+       escaped_id <- gsub("['\"\\\\]", "\\\\\\0", row['id'])
+       escaped_label <- gsub("['\"\\\\]", "\\\\\\0", display_label)
+       escaped_color <- gsub("['\"\\\\]", "\\\\\\0", row['color'])
+       
-       paste0("{ data: { id: '", row['id'], "', label: '", display_label, "', color: '", row['color'], "' } }")
+       paste0("{ data: { id: '", escaped_id, "', label: '", escaped_label, "', color: '", escaped_color, "' } }")
    })

🤖 Prompt for AI Agents

In R/visualizeNetworksWithHTML.R around lines 233 to 242, the code directly
concatenates node IDs and labels into JavaScript strings without escaping
special characters, risking JavaScript injection. To fix this, implement a
function to escape special characters like quotes and backslashes in these
values before concatenation. Replace direct usage of row['id'], display_label,
and row['color'] with their escaped versions to ensure safe embedding in
JavaScript code.

[coderabbitai]

⚠️ Potential issue

Security: Escape special characters in edge data

Similar to the node elements, edge data should be properly escaped to prevent JavaScript injection.

Add escaping for all string values being inserted into JavaScript:

+       # Escape special characters
+       escaped_source <- gsub("['\"\\\\]", "\\\\\\0", row$source)
+       escaped_target <- gsub("['\"\\\\]", "\\\\\\0", row$target)
+       escaped_key <- gsub("['\"\\\\]", "\\\\\\0", edge_key)
+       escaped_interaction <- gsub("['\"\\\\]", "\\\\\\0", row$interaction)
+       
        # Create edge data with styling information
-       edge_data <- paste0("{ data: { source: '", row$source, 
-                           "', target: '", row$target, 
-                           "', id: '", edge_key,
-                           "', interaction: '", row$interaction,
+       edge_data <- paste0("{ data: { source: '", escaped_source, 
+                           "', target: '", escaped_target, 
+                           "', id: '", escaped_key,
+                           "', interaction: '", escaped_interaction,
                            "', edge_type: '", row$edge_type,
                            "', category: '", row$category,
                            "', color: '", style$color,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	edge_data <- paste0("{ data: { source: '", row$source,
	"', target: '", row$target,
	"', id: '", edge_key,
	"', interaction: '", row$interaction,
	"', edge_type: '", row$edge_type,
	"', category: '", row$category,
	"', color: '", style$color,
	"', line_style: '", style$style,
	"', arrow_shape: '", style$arrow,
	"', width: ", style$width, " } }")
	# Escape special characters
	escaped_source <- gsub("['\"\\\\]", "\\\\\\0", row$source)
	escaped_target <- gsub("['\"\\\\]", "\\\\\\0", row$target)
	escaped_key <- gsub("['\"\\\\]", "\\\\\\0", edge_key)
	escaped_interaction <- gsub("['\"\\\\]", "\\\\\\0", row$interaction)
	# Create edge data with styling information
	edge_data <- paste0("{ data: { source: '", escaped_source,
	"', target: '", escaped_target,
	"', id: '", escaped_key,
	"', interaction: '", escaped_interaction,
	"', edge_type: '", row$edge_type,
	"', category: '", row$category,
	"', color: '", style$color,
	"', line_style: '", style$style,
	"', arrow_shape: '", style$arrow,
	"', width: ", style$width, " } }")

🤖 Prompt for AI Agents

In R/visualizeNetworksWithHTML.R around lines 261 to 270, the edge data strings
are directly inserted into JavaScript without escaping, risking injection
attacks. Fix this by applying proper escaping to all string values (like source,
target, interaction, edge_type, category, color, line_style, arrow_shape) before
concatenation, ensuring special characters are safely encoded to prevent
JavaScript injection vulnerabilities.

[coderabbitai]

⚠️ Potential issue

Validate event handler code to prevent code injection

Event handler code is directly inserted into JavaScript without validation. This could allow arbitrary code execution if the handlers contain malicious code.

Consider adding validation or sanitization:

    if (!is.null(config$event_handlers)) {
+       # Validate that handlers are functions or safe strings
+       for (handler_name in names(config$event_handlers)) {
+           handler_code <- config$event_handlers[[handler_name]]
+           if (!is.character(handler_code) || grepl("(eval|Function|setTimeout|setInterval)", handler_code)) {
+               warning(paste("Potentially unsafe event handler:", handler_name))
+           }
+       }
        handlers <- sapply(names(config$event_handlers), function(event) {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (!is.null(config$event_handlers)) {
	handlers <- sapply(names(config$event_handlers), function(event) {
	handler_code <- config$event_handlers[[event]]
	switch(event,
	"edge_click" = paste0("cy.on('tap', 'edge', ", handler_code, ");"),
	"node_click" = paste0("cy.on('tap', 'node', ", handler_code, ");"),
	handler_code # Custom event handler
	)
	})
	event_handlers_js <- paste(handlers, collapse = "\n ")
	if (!is.null(config$event_handlers)) {
	# Validate that handlers are functions or safe strings
	for (handler_name in names(config$event_handlers)) {
	handler_code <- config$event_handlers[[handler_name]]
	if (!is.character(handler_code) || grepl("(eval|Function|setTimeout|setInterval)", handler_code)) {
	warning(paste("Potentially unsafe event handler:", handler_name))
	}
	}
	handlers <- sapply(names(config$event_handlers), function(event) {
	handler_code <- config$event_handlers[[event]]
	switch(event,
	"edge_click" = paste0("cy.on('tap', 'edge', ", handler_code, ");"),
	"node_click" = paste0("cy.on('tap', 'node', ", handler_code, ");"),
	handler_code # Custom event handler
	)
	})
	event_handlers_js <- paste(handlers, collapse = "\n ")
	}

🤖 Prompt for AI Agents

In R/visualizeNetworksWithHTML.R around lines 428 to 437, the event handler code
from config$event_handlers is directly inserted into JavaScript, risking code
injection. To fix this, implement validation or sanitization of the handler_code
before embedding it in the JavaScript string. This can include checking for
allowed patterns, escaping special characters, or restricting the input to safe
predefined functions to prevent arbitrary code execution.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 0% with 608 lines in your changes missing coverage. Please review.
✅ Project coverage is 32.08%. Comparing base (64d5eff) to head (48702d0).

Files with missing lines	Patch %	Lines
R/visualizeNetworksWithHTML.R	0.00%	608 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##            devel      #53       +/-   ##
===========================================
- Coverage   64.71%   32.08%   -32.63%     
===========================================
  Files           7        8        +1     
  Lines         598     1206      +608     
===========================================
  Hits          387      387               
- Misses        211      819      +608     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.