Skip to content

Reverting sanitize html code changes #306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: feature-2.1.11
Choose a base branch
from
Open

Reverting sanitize html code changes #306

wants to merge 1 commit into from

Conversation

priyal-unbxd
Copy link
Collaborator

No description provided.

@gemini-code-assist Gemini Code Assist
Copy link

Summary of Changes

Hello @priyal-unbxd, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on reverting previous HTML sanitization implementations within the SDK, effectively removing the DOMPurify dependency and all associated code. Concurrently, it introduces several internal refactorings to optimize DOM element selection in the demo application and streamline UI rendering logic, aiming for a cleaner and potentially more performant codebase.

Highlights

  • HTML Sanitization Reversion: The core functionality for HTML sanitization, including the DOMPurify library and all related logic, has been completely removed from the SDK. This impacts how various UI components (products, facets, pagination, etc.) are rendered, as they no longer undergo explicit sanitization.
  • DOM Element Selection Optimization: In the demo application, the method for selecting DOM elements has been optimized. document.querySelectorAll has been replaced with document.getElementById for instances where only a single element is expected, leading to potentially more efficient DOM access.
  • Code Refactoring and Simplification: Numerous code refactorings have been implemented across the SDK, particularly in how UI components are rendered and managed. This includes streamlining layout creation, simplifying event binding, and standardizing string literal usage.
  • Dependency Update: The package-lock.json file has been updated to reflect a version bump for the @unbxd-ui/vanilla-search-library to 2.1.11.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Sep 29, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request reverts HTML sanitization changes, which introduces a critical security vulnerability. By removing DOMPurify and all associated sanitization logic, the library becomes vulnerable to Cross-Site Scripting (XSS) attacks, especially in applications that use custom templates to render API data. This is a major regression that should be reconsidered. Additionally, I've found a high-severity typo in a function name (createtSearchWrapper) that affects core layout creation, and some invalid HTML in the demo page which could lead to rendering issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@priyal-unbxd