mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-04-26 01:24:59 +02:00
security: add unicode safety guard to hooks and CI (#1710)
* security: add unicode safety guard to hooks and CI * fix(unicode-safety): drop FE0F, PUA; fix col tracking; scan .husky/ - Remove FE0F (emoji presentation selector) from suspicious set — it false-positives on ASCII keycap sequences (#️⃣ etc.) in source strings - Remove Private Use Area (E000–F8FF) check — not a parser attack vector and legitimately used by icon font string literals - Fix column tracking for astral-plane characters (cp > 0xFFFF): increment by 2 to match UTF-16 editor column positions - Remove now-unused prevCp variable - Add .husky/ to SCAN_ROOTS and '' to INCLUDED_EXTENSIONS so extensionless hook scripts (pre-commit, pre-push) are included in full-repo scans --------- Co-authored-by: Elie Habib <elie.habib@gmail.com>
This commit is contained in:
1
.github/workflows/lint-code.yml
vendored
1
.github/workflows/lint-code.yml
vendored
@@ -15,5 +15,6 @@ jobs:
|
||||
node-version: '22'
|
||||
cache: 'npm'
|
||||
- run: npm ci
|
||||
- run: npm run lint:unicode
|
||||
- run: npm run lint
|
||||
- run: npm run lint:boundaries
|
||||
|
||||
Reference in New Issue
Block a user