@didoo didoo commented Dec 3, 2025

📌 Summary

In a previous review, Copilot suggested adding validation of the localStorage.getItem result, to protect against corrupted or malicious data.

This PR addresses this issue.

🛠️ Detailed description

In this PR I have:

  • added validation of parsed localStorage in hdsTheming service
  • added validation of parsed localStorage in shwTheming service

🔗 External links

Jira ticket: https://hashicorp.atlassian.net/browse/HDS-5689



📋 PCI review checklist
  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
  • If applicable, I've worked with GRC to document the impact of any changes to security controls.
    Examples of changes to controls include access controls, encryption, logging, etc.
  • If applicable, I've worked with GRC to ensure compliance due to a significant change to the in-scope PCI environment.
    Examples include changes to operating systems, ports, protocols, services, cryptography-related components, PII processing code, etc.

@didoo didoo requested a review from a team as a code owner December 3, 2025 18:43

Copilot AI left a comment

Pull request overview

This PR adds validation for localStorage data to protect against corrupted or malicious input when initializing theming settings. The changes implement type guards to verify that parsed data conforms to expected structures before use, with fallback to default values when validation fails.

Key changes:

  • Added isSafeStoredThemingData type guard function to validate theming data structure and values in the hds-theming service
  • Added isSafeStylesheetData type guard function to validate stylesheet selection in the shw-theming service
  • Refactored ShwStylesheets type to derive from a const array for runtime validation

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File: packages/components/src/services/hds-theming.ts
Description: Added comprehensive validation for theming data with type guard and fallback to defaults

File: showcase/app/services/shw-theming.ts
Description: Added validation for stylesheet data and refactored type definition to enable runtime checks
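The type-guard-and-fallback pattern the review describes, as an added TypeScript example (not the HDS project's own code): the theme list, the field names, the default values and the storage format are assumptions chosen for illustration.

```typescript
// Added example, not code from the HDS repository. THEMES, StoredThemingData,
// DEFAULT_THEMING and the stored JSON shape are assumptions for illustration.
const THEMES = ['light', 'dark', 'system'] as const;
type Theme = (typeof THEMES)[number]; // type derived from the const array

interface StoredThemingData {
  theme: Theme;
  highContrast: boolean;
}

const DEFAULT_THEMING: StoredThemingData = { theme: 'system', highContrast: false };

// The same array drives both the static type and the runtime membership check.
function isTheme(value: unknown): value is Theme {
  return typeof value === 'string' && (THEMES as readonly string[]).includes(value);
}

// Type guard: checks the structure and the values of whatever JSON.parse returned.
function isSafeStoredThemingData(value: unknown): value is StoredThemingData {
  if (typeof value !== 'object' || value === null || Array.isArray(value)) {
    return false;
  }
  const record = value as Record<string, unknown>;
  return isTheme(record.theme) && typeof record.highContrast === 'boolean';
}

// Turn the raw localStorage.getItem result into trusted settings.
// Missing data, invalid JSON or an unexpected shape all fall back to defaults.
function readThemingData(raw: string | null): StoredThemingData {
  if (raw === null) {
    return { ...DEFAULT_THEMING };
  }
  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch {
    return { ...DEFAULT_THEMING };
  }
  if (!isSafeStoredThemingData(parsed)) {
    return { ...DEFAULT_THEMING };
  }
  // Copy only the known fields so extra keys from storage never reach app state.
  return { theme: parsed.theme, highContrast: parsed.highContrast };
}
```

In a service this would be called as `readThemingData(localStorage.getItem(STORAGE_KEY))`, where STORAGE_KEY is the service's own key.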

@KristinLBradley KristinLBradley left a comment

Logic, etc. look good to me.

@KristinLBradley

The Percy diff was with the rendering of some CodeBlock line numbers, which is not a real issue, so I approved it.

Base automatically changed from project-solar/phase-1/HDS-5242_showcase/add-themes-support to project-solar/phase-1-main-feature-branch December 3, 2025 19:05
@didoo didoo force-pushed the project-solar/phase-1/HDS-5689/04b_localstorage-parsing-validation branch from ab9bd0a to 21aab1f December 3, 2025 22:10
@didoo didoo merged commit 02683f7 into project-solar/phase-1-main-feature-branch Dec 8, 2025
16 checks passed
@didoo didoo deleted the project-solar/phase-1/HDS-5689/04b_localstorage-parsing-validation branch December 8, 2025 11:55
didoo added a commit that referenced this pull request Dec 16, 2025
didoo added a commit that referenced this pull request Dec 18, 2025