Sanitize image url from DOM node

[christopherholland-workday]

Sanitize the image URL to block potentially malicious content.

CodeQL finding 26.

[gemini-code-assist]

Summary of Changes

Hello @christopherholland-workday, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the application's security by implementing robust image URL sanitization. A new utility function has been added to validate image sources, ensuring that only safe http: and https: protocols are used. This prevents potential cross-site scripting (XSS) vulnerabilities that could arise from malicious or improperly formatted image URLs, thereby improving the overall integrity of the user interface.

Highlights

• Image URL Sanitization: Introduced a sanitizeImageUrl utility function to validate image URLs, specifically preventing the use of potentially malicious schemes like javascript:, data:, or blob:.
• Security Vulnerability Fix: Addressed CodeQL finding 26 by ensuring that only http: and https: protocols are permitted for image sources, defaulting to a generic avatar for invalid or disallowed URLs.

Changelog

• packages/ui/src/views/assistants/openai/AssistantDialog.jsx
  • Implemented a new sanitizeImageUrl function to validate and clean image URLs.
  • Integrated the sanitizeImageUrl function into the src attribute of an img element to ensure all displayed images are from safe sources.

Activity

• No specific activity (comments, reviews, progress) was provided in the context.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

In general, to fix this kind of issue you must ensure that untrusted text taken from the DOM is not reinterpreted as HTML or otherwise executed. For URLs, this means validating against a strict allowlist (e.g., schemes, hosts, and path patterns) and never returning raw user input unless it satisfies those constraints. For React, you should continue relying on React’s automatic attribute escaping and avoid any APIs that bypass it (like dangerouslySetInnerHTML).

Here, the best targeted fix is to strengthen sanitizeImageUrl so that it does not simply accept any HTTP(S) URL, but instead only allows URLs from the trusted avatar service already in use (DiceBear) and falls back to a known-safe default in all other cases. This both satisfies the static analysis by preventing arbitrary tainted data from flowing to the img src, and keeps the intended functionality (letting the user customize a DiceBear-based avatar) intact.

Concretely:

• Edit the sanitizeImageUrl function (lines 128–145) in packages/ui/src/views/assistants/openai/AssistantDialog.jsx.
• After parsing the URL, check that:
  • Protocol is http: or https: (as already done), and
  • Hostname is exactly api.dicebear.com, and
  • Path starts with /7.x/bottts/svg.
• Only if all those checks pass, return the normalized URL string (e.g., parsed.toString() or parsed.href); otherwise, return the fallback URL.
• Do not alter the rest of the component logic; assistantIcon can still be edited, but any non-DiceBear URL will render using the fallback, eliminating the tainted-flow concern.

No new imports are required; this uses only the standard URL class and existing variables.

[christopherholland-workday]

I think this is a false positive, we sanitized the URL, but here, React removes the attribute values when passing in text like <img src={userInput} /> - it does not treat it as HTML content.

[gemini-code-assist]

Code Review

The pull request introduces a sanitizeImageUrl function to prevent XSS from malicious image URLs, which is a great security improvement. However, the implementation of the fallback logic within this function can cause performance issues and UI flickering due to the generation of a new UUID on every render for invalid URLs. I've suggested a fix to use a stable fallback URL.