[v12] feat(ui-truncate-text): TruncateText rework.#2420
[v12] feat(ui-truncate-text): TruncateText rework.#2420git-nandor wants to merge 1 commit intov12from
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| function bootstrap() { | ||
| execSync(path.resolve('scripts/clean.js'), opts) |
Check warning
Code scanning / CodeQL
Shell command built from environment values
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 days ago
In general, this problem is fixed by avoiding string-constructed shell commands for dynamic values and instead passing the command and its arguments as separate parameters to an API that does not invoke a shell (such as execFileSync/spawn with shell: false). This prevents any special characters in paths from being interpreted by a shell.
For this specific case, the safest and minimal-change approach is:
- Explicitly invoke the Node interpreter with
execFileSyncand pass the resolved script path as an argument, rather than passing the resolved path as a shell command string toexecSync. - Keep the existing
opts({ stdio: 'inherit' }) so that behavior and output remain the same.
Concretely:
- Add
execFileSyncto the destructuring import fromchild_processon line 27. - Change
execSync(path.resolve('scripts/clean.js'), opts)on line 68 toexecFileSync(process.execPath, [path.resolve('scripts/clean.js')], opts).process.execPathis the absolute path to the current Node executable, so we guarantee we’re running the script with Node and bypass the shell.
No other behavior in buildProject or elsewhere needs to change.
| @@ -24,7 +24,7 @@ | ||
| * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
| * SOFTWARE. | ||
| */ | ||
| const { execSync, fork } = require('child_process') | ||
| const { execSync, execFileSync, fork } = require('child_process') | ||
| const path = require('path') | ||
|
|
||
| const opts = { stdio: 'inherit' } | ||
| @@ -65,7 +65,7 @@ | ||
| } | ||
|
|
||
| function bootstrap() { | ||
| execSync(path.resolve('scripts/clean.js'), opts) | ||
| execFileSync(process.execPath, [path.resolve('scripts/clean.js')], opts) | ||
| buildProject() | ||
| } | ||
|
|
|
git-nandor
changed the title
git-nandor
force-pushed
the
INSTUI-4819_TruncateText_rework
branch
from
e6979e2 to
1c7b75c
Compare
adamlobler
left a comment
adamlobler
left a comment
There was a problem hiding this comment.
We shouldn't use plain spans in the examples because they don't get the proper colors when we switch themes, we should use the Text component instead.
3 participants
INSTUI-4819
Summary
Migrated TruncateText component from the old theming system.
Test plan
On the documentation page, verify that everything displays and works correctly.