All pending fixes – UI, auth, cover image, script removal #84
This PR bundles all requested changes:
Please review and merge.
Automated review – please address the inline comments.
@@ -27,6 +27,7 @@ public class BookStorageService : IBookStorageServicevar uploadsFolder = Path.Combine(_environment.WebRootPath, "uploads");EnsureDirectoryExists(uploadsFolder);fileName = SanitizeFileName(fileName);MAJOR:
SanitizeFileName is called after Path.Combine, allowing path‑traversal before sanitisation. Move sanitisation before combining and add a unit test.@@ -21,3 +21,3 @@private static readonly Regex ImageTagRegex = new(@"<img\b(?<before>[^>]*?\bsrc=[""'])(?<src>[^""']*?)(?<after>[""'][^>]*?>)", RegexOptions.IgnoreCase | RegexOptions.Compiled);private static readonly Regex ImageTagRegex = new(@"(?<before><img\b[^>]*?\bsrc=[""'])(?<src>[^""']*?)(?<after>[""'][^>]*?>)", RegexOptions.IgnoreCase | RegexOptions.Compiled);private static readonly Regex BodyMatchRegex = new(@"<body\b[^>]*>(.*?)</body>", RegexOptions.IgnoreCase | RegexOptions.Singleline | RegexOptions.Compiled);private static readonly Regex ParagraphMatchRegex = new(@"<(p|h[1-6]|ul|ol|blockquote|pre)\b[^>]*>.*?</\1>|<hr\b[^>]*>|<img\b[^>]*>", RegexOptions.IgnoreCase | RegexOptions.Singleline | RegexOptions.Compiled);MAJOR: Updated
ImageTagRegex now includes the opening <. Verify that the src capture group still works; add a test for a simple <img src="x.jpg">.@@ -30,3 +32,4 @@private static readonly Regex EmptyBlockRegex = new(@"^(</?(p|h[1-6]|ul|ol|li|blockquote|pre|div|span|br)\b[^>]*>| |\s)*$", RegexOptions.IgnoreCase | RegexOptions.Compiled);public EpubReaderService(IDbContextFactory<AppDbContext> dbContextFactory,MAJOR: New SVG handling may leave unsupported
<image> tags if neither src nor href is present. Consider stripping or warning.@@ -8,7 +8,7 @@@inject IReaderStateService StateServiceMINOR: Add
aria-hidden="@StateService.IsBarsHidden" for accessibility when toolbar is hidden.@@ -62,5 +62,5 @@</div>}</div>@if (_isLoadingChapter)MAJOR:
[JSInvokable] HandleScrollDelta updates UI on every scroll delta – debounce to avoid frequent re‑renders.@@ -34,5 +34,5 @@}public MobileReaderTab ActiveTab{get { lock (_lock) return _activeTab; }MAJOR:
IsBarsHidden UI state lives in a shared service; move it to a UI‑only service to respect Clean Architecture.@@ -44,6 +45,17 @@ export function initScrollListener(dotNetHelper, scrollContainerSelector) {// Ensure boundsMAJOR: Scroll‑delta detection fires many interop calls; add client‑side debounce (e.g., 100 ms).
@@ -121,6 +122,17 @@ builder.Services.AddAuthentication(options =>options.DefaultScheme = IdentityConstants.ApplicationScheme;CRITICAL: JWT authentication missing signing key &
ValidateIssuerSigningKey. Add a secret key and enable validation.
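Review bot: In the BookStorageService hunk (@@ -27,6 +27,7 @@), the Path.Combine call shown joins only _environment.WebRootPath and the literal "uploads", so fileName is not yet part of any path when SanitizeFileName(fileName) runs, and the ordering visible here does not by itself expose a traversal. The line that later joins fileName to uploadsFolder is outside the hunk. Confirm that it uses the sanitised value, and consider resolving the combined path with Path.GetFullPath and rejecting it unless it stays under uploadsFolder, with a unit test covering a name containing ".." segments and an absolute path.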
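Review bot: In the ImageTagRegex hunk (@@ -21,3 +21,3 @@), both the old and the new pattern locate the attribute with [^>]*?\bsrc=, and \b also holds between "-" and "s", so an earlier data-src="..." on the same tag is captured as the src group instead of the real src attribute. Requiring whitespace before the name (\ssrc=) would avoid that. The opening and closing quotes are also matched independently by [""'], so a double-quoted value containing an apostrophe is cut short at the apostrophe; capturing the opening quote and using a backreference for the closing one would fix it. A test for each case would sit well next to the simple <img src="x.jpg"> one.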