🔐 fix: Secure iconURL Handling (#10753)

* 🔒 fix: `iconURL` in conversation parsing - Updated the `buildEndpointOption` middleware to derive `iconURL` from model specs when not provided by the client, improving security by preventing malicious URLs. - Modified the `parseCompactConvo` function to strip `iconURL` from conversation inputs, ensuring it is only set server-side. - Added comprehensive tests to validate the stripping of `iconURL` across various endpoint types, enhancing overall input sanitization. * ✨ feat: Add ESLint rule for unused variables - Introduced a new ESLint rule to warn about unused variables, allowing for better code quality and maintainability. - Configured the rule to ignore variables and arguments that start with an underscore, accommodating common coding practices.
2025-12-01 17:41:39 -05:00
parent 4202db1c99
commit 6fa94d3eb8
4 changed files with 162 additions and 6 deletions
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@@ -269,6 +269,16 @@ export default [
        project: './packages/data-provider/tsconfig.json',
      },
    },
+    rules: {
+      '@typescript-eslint/no-unused-vars': [
+        'warn',
+        {
+          argsIgnorePattern: '^_',
+          varsIgnorePattern: '^_',
+          caughtErrorsIgnorePattern: '^_',
+        },
+      ],
+    },
  },
  {
    files: ['./api/demo/**/*.ts'],