Skip to content

fix(visualize): escape labels, keep repo slugs injective, encode theme values#579

Merged
joshua-temple merged 2 commits into
mainfrom
fix/visualize-escaping
Jul 15, 2026
Merged

fix(visualize): escape labels, keep repo slugs injective, encode theme values#579
joshua-temple merged 2 commits into
mainfrom
fix/visualize-escaping

Conversation

@joshua-temple

Copy link
Copy Markdown
Collaborator

Problem: visualize output could statement-split on newline-bearing labels, collide distinct repo slugs into one lane, and emit invalid JSON in the theme init directive.

Fix: fold newlines in node/state/subgraph labels, hash-suffix repo slugs to stay injective, JSON-encode the init directive, and sanitize classDef values. Security-positive (blocks label injection).

Verification: build + visualize/graph/cmd tests green (119 pass), golangci-lint 0 issues; escaping_test + theme_test regression coverage.

…e values

Signed-off-by: Joshua Temple <joshua.temple@stablekernel.com>
(cherry picked from commit 2353567d2c05b730e502616937ca4dc15adfdc92)
…tput

Signed-off-by: Joshua Temple <joshua.temple@stablekernel.com>
(cherry picked from commit a4dc64320e6f6eeac9ac6d6f7b17660f98cdaf95)
@joshua-temple joshua-temple merged commit 101589e into main Jul 15, 2026
20 checks passed
@joshua-temple joshua-temple deleted the fix/visualize-escaping branch July 15, 2026 19:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant