Abhishekmishra2808 commented on issue #554: URL: https://github.com/apache/tooling-trusted-releases/issues/554#issuecomment-3800660259
@sbp Thank you for the detailed feedback. I understand the requirement for a more robust approach that addresses the entire class of bug rather than individual instances. I have refactored the implementation to address the "taint analysis" accuracy issues by introducing a **type-safe substitution system**. Specifically:

* **Type-Safe Tracking:** I’ve introduced a `SafeHTML` marker type to explicitly distinguish between trusted content (like internally generated URLs) and untrusted/tainted strings from the database.
* **Centralized Sanitization:** All template substitutions in `announce_release_subject_and_body`, `checklist_body`, and `start_vote_subject_and_body` now go through a single `substitute` utility. This utility defaults to escaping all values via `html.escape(quote=True)` unless they are explicitly marked as `SafeHTML`.
* **Updated Taint Analysis:** I’ve re-verified the conduits. While some Markdown renderers might omit raw HTML, escaping at the substitution level ensures the data is "secure by default" regardless of the downstream rendering engine's specific configuration.

I have verified this with a standalone reproduction script and am ready to submit a new PR with the comprehensive analysis. Does this architectural direction align with what you were looking for?
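The pattern the comment describes (a `SafeHTML` marker type plus a single `substitute` utility that escapes everything not carrying the mark) can be illustrated stand-alone. The block below is an added example written for this page; it is not the apache/tooling-trusted-releases code and is not taken from the commenter's PR. Only the names `SafeHTML` and `substitute` come from the comment; the `link` helper, `announce_body`, the `ANNOUNCE_BODY` template text and the use of `string.Template` `$name` placeholders are assumptions made here for illustration. It also shows the two properties a practitioner would want to confirm in such a design: that the mark is dropped (fail-safe) as soon as a marked value is modified, and that the only way to mint a `SafeHTML` is through a constructor that escapes its own inputs first.

```python
import html
import string


class SafeHTML(str):
    """Marker type for a string already known to be safe to emit as HTML.

    Only build one from values the application produced itself (for example a
    link assembled from escaped parts); never wrap a raw database value in it.
    Plain str operations (concatenation, .format, .replace, f-strings) return an
    ordinary str, so any modification silently drops the mark and the value
    falls back to being escaped. That is the fail-safe direction.
    """

    __slots__ = ()


def substitute(template: str, **values: object) -> str:
    """Fill $name / ${name} placeholders in template.

    Every value is HTML-escaped with html.escape(quote=True) unless it is a
    SafeHTML instance. string.Template.substitute raises KeyError for a
    placeholder with no value, so a misspelled key fails loudly instead of
    leaving text unfilled.
    """
    rendered: dict[str, str] = {}
    for name, value in values.items():
        if isinstance(value, SafeHTML):
            rendered[name] = str(value)  # trusted: emitted verbatim
        else:
            rendered[name] = html.escape(str(value), quote=True)  # tainted: escaped
    return string.Template(template).substitute(rendered)


def link(url: str, text: str) -> SafeHTML:
    """The only sanctioned way to mint SafeHTML here (hypothetical helper):
    escape the parts, then mark the assembled anchor as safe. A non-https URL
    is rejected so a javascript: scheme cannot end up in href even though it
    would be escaped correctly as text.
    """
    if not url.startswith("https://"):
        raise ValueError(f"refusing to link to non-https URL: {url!r}")
    href = html.escape(url, quote=True)
    label = html.escape(text, quote=True)
    return SafeHTML(f'<a href="{href}">{label}</a>')


# Hypothetical template (not the project's real announcement text); placeholders
# use string.Template syntax, which the project may or may not use.
ANNOUNCE_BODY = (
    "The Apache $project community is pleased to announce the release of "
    "$project $version.\n\nDownload: $download_link\n"
)


def announce_body(project: str, version: str, download_link: SafeHTML) -> str:
    """project and version are treated as tainted (they originate in the
    database); download_link must already be SafeHTML produced by link()."""
    return substitute(
        ANNOUNCE_BODY, project=project, version=version, download_link=download_link
    )


if __name__ == "__main__":
    # Constructed sample input simulating a poisoned project name in the database.
    tainted_name = 'Foo"><script>alert(1)</script>'
    body = announce_body(
        tainted_name,
        "1.0",
        link("https://downloads.apache.org/foo/1.0/", "downloads.apache.org"),
    )
    print(body)
```

Two details are worth keeping when adapting this: `SafeHTML` deliberately overrides nothing, so `SafeHTML("<b>") + "x"` is a plain `str` and gets escaped on the next `substitute` call, and the escaping happens at the substitution boundary rather than in the renderer, which is what makes the output safe regardless of whether a downstream Markdown engine strips raw HTML.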
