Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add bitcoin taproot #734

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Add bitcoin taproot #734

wants to merge 4 commits into from

Conversation

shahbaz17
Copy link
Member

Motivation and Context

Jira Link: https://toruslabs.atlassian.net/jira/software/projects/DEVREL/boards/15?selectedIssue=DEVREL-1142

Description

How has this been tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the code style of this project. (run lint)
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code requires a db migration.

@vercel Vercel
Copy link

vercel bot commented Feb 11, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
mpc-core-kit-aggregate-verifier-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
mpc-core-kit-angular-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
mpc-core-kit-bitcoin ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
mpc-core-kit-farcaster ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
mpc-core-kit-nextjs-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
mpc-core-kit-react-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
mpc-core-kit-solana ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
mpc-core-kit-vue-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-angular-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-nextjs-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-react-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-vanillajs-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-vue-quick-start ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-web-aggregate-verifier-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-web-auth0-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-web-bitcoin-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-web-farcaster ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-web-google-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-web-nextauth-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-web-passwordless-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-web-ton-telegram-example ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
sfa-web-ton-telegram-server ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am
web3auth-core-kit-examples ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 13, 2025 6:04am

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 11, 2025
View reviewed changes
mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/src/App.tsx
function uiConsole(...args: any): void {
const el = document.querySelector("#console>p");
if (el) {
el.innerHTML = JSON.stringify(args || {}, null, 2);

Check warning

Code scanning / CodeQL

Exception text reinterpreted as HTML Medium

Exception text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI 10 days ago

To fix the problem, we need to ensure that any user-controlled input is properly escaped before being written to the HTML. This can be achieved by using a library like DOMPurify to sanitize the input or by manually escaping HTML meta-characters.

The best way to fix the problem without changing existing functionality is to use DOMPurify to sanitize the input before setting it to the innerHTML property. This approach ensures that any potentially harmful content is removed, preventing XSS attacks.

Suggested changeset 2
mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/src/App.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/src/App.tsx b/mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/src/App.tsx
--- a/mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/src/App.tsx
+++ b/mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/src/App.tsx
@@ -21,2 +21,3 @@
 import { Loading, BlurredLoading } from "./Loading";
+import DOMPurify from 'dompurify';
 
@@ -300,3 +301,3 @@
     if (el) {
-      el.innerHTML = JSON.stringify(args || {}, null, 2);
+      el.innerHTML = DOMPurify.sanitize(JSON.stringify(args || {}, null, 2));
     }
EOF
@@ -21,2 +21,3 @@
import { Loading, BlurredLoading } from "./Loading";
import DOMPurify from 'dompurify';

@@ -300,3 +301,3 @@
if (el) {
el.innerHTML = JSON.stringify(args || {}, null, 2);
el.innerHTML = DOMPurify.sanitize(JSON.stringify(args || {}, null, 2));
}
mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/package.json b/mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/package.json
--- a/mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/package.json
+++ b/mpc-core-kit-web/mpc-core-kit-bitcoin-taproot/package.json
@@ -29,3 +29,4 @@
     "vite": "^5.4.8",
-    "web3": "^4.13.0"
+    "web3": "^4.13.0",
+    "dompurify": "^3.2.4"
   },
EOF
@@ -29,3 +29,4 @@
"vite": "^5.4.8",
"web3": "^4.13.0"
"web3": "^4.13.0",
"dompurify": "^3.2.4"
},
This fix introduces these dependencies
Package Version Security advisories
dompurify (npm) 3.2.4 None
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@shahbaz17 shahbaz17 mentioned this pull request Feb 18, 2025
Open
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ihsraham ihsraham Awaiting requested review from ihsraham

@AyushBherwani1998 AyushBherwani1998 Awaiting requested review from AyushBherwani1998

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@shahbaz17