issues Search Results · language:Dune language:HTML language:JavaScript language:JavaScript language:JavaScript linked:pr
Filter by
2.2M results
From the 2026-06-18 SOLID/DRY swarm-audit (Guardian, high/med confidence).
Problem
The authorization invariant the set permitted to ANSWER == the set that could have RECEIVED is enforced by copy-pasted ...
from-review
security
server
blamechris
From the 2026-06-18 SOLID/DRY swarm-audit (Skeptic, HIGH confidence).
Problem
sanitizeToolInput (packages/server/src/ws-permissions.js:16-41, the ONLY sanitizer on the tool-broadcast path, called at ...
from-review
security
server
问题描述
blockSearchText() 函数在处理 null/undefined 字段时会崩溃。虽然工厂函数通常会规范化输入,但直接构造块或内部 reader bug 可能导致问题。
位置
- 文件:public/core/document-audit.js
- 行号:54 及相关块处理逻辑
- 模块:core
崩溃场景
// 当前实现
function blockSearchText(block) ...
bug
module:core
P2
robustness
Vantalens
问题描述
writeXlsx 函数中,预扫描阶段遍历所有单元格构建 sharedStrings,然后 sheetXml 函数再次遍历相同单元格生成 XML。对于大型工作簿,这是不必要的重复计算。
位置
- 文件:public/formats/xlsx.js
- 第一次遍历:第 368-380 行(构建字符串索引)
- 第二次遍历:第 297-320 行(生成 XML)
- 模块:formats ...
module:formats
P2
performance
问题描述
bytesToBase64 函数在循环中逐字符拼接字符串,对于大型图像会导致 O(n²) 时间复杂度。JavaScript 字符串不可变,每次拼接都创建新字符串。
位置
- public/formats/docx.js 第 42 行
- public/formats/pptx.js 第 11 行
- 模块:formats
性能影响
实测数据:
- 50KB 图像:18x ...
module:formats
P1
performance
问题描述
createTesseractWorker 使用 Promise.race 实现超时机制,但超时后 createWorker 的 Promise 仍在后台运行。如果 worker 最终创建成功但已超时,该 worker 会泄漏(未被
terminate)。
位置
- 文件:public/core/ocr/tesseract-runtime.js
- 行号:182-197
...
bug
module:ocr
P1
performance
New Versions Available
- Kap: 20260617-1 → 20260617-2 — kapdemo.dhsdevelopments.com/downloads.html
Update scripts/known-versions.json after upgrading to silence this alert.
language-update
github-actions[bot]
问题描述
压缩比检查仅适用于 ≥64 字节的文件,小文件可绕过 200:1 的压缩比限制。浏览器环境的 1GB 总限制过高。
位置
- 文件:public/core/zip-container.js
- 行号:378
- 模块:core
技术细节
当前实现:
if (uncompressedSize = 64 compressedSize 0) {
const ...
module:core
P1
security
问题描述
format-registry.js 在抛出 INPUT_BUDGET_EXCEEDED 错误时,使用位置参数而非选项对象,导致 category 和 code 字段未正确设置。
位置
- 文件:public/core/format-registry.js
- 行号:628
- 模块:core
当前实现(错误)
throw new ConversionError(
...
bug
module:core
P1
inside footer,when user hover over cookie policy nothing displays.It should display some text regarding Cookie policy
img width= 626 height= 227 alt= Image src=
https://github.com/user-attachments/assets/f79b9bd1-91d9-44b7-a02c-6078b6111477 ...
rg8051
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.