gooneyryan/hermes-webui
1
0
Fork 0
mirror of https://github.com/nesquena/hermes-webui.git synced 2026-05-24 02:36:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: sanitize error message in checkUpdatesNow to avoid exposing paths

Browse Source 
Review feedback: strip filesystem paths from error messages and cap
length to prevent internal details leaking into the UI.
This commit is contained in:
bergeouss
2026-04-25 17:55:01 +00:00
parent bc85efe01a
commit 80cdaeeec4
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
static/panels.js
+3 -1
View File
@@ -2535,7 +2535,9 @@ async function checkUpdatesNow(){
}
}
} catch(e){
if(status){status.textContent=t('failed_colon')+e.message;status.style.color='var(--error)';}
// Sanitize error — avoid exposing internal paths/stack traces
const errMsg=(e&&e.message)?e.message.replace(/\/[^\s]*/g,'[path]').substring(0,120):t('settings_up_to_date');
if(status){status.textContent=t('failed_colon')+errMsg;status.style.color='var(--error)';}
} finally {
btn.disabled=false;
if(spinner) spinner.style.display='none';