
fix: resolve 4 security and performance issues (#427, #430, #433, #440) #606

Open
solomon35-stack wants to merge 2 commits into MettaChain:main from solomon35-stack:fix/solomon35-stack-issues-427-430-433-440

Conversation

@solomon35-stack

Contributor

Summary

This PR fixes four issues assigned to @solomon35-stack:

🔒 #430 - Remove dangerouslySetInnerHTML (P0 security)

  • Replaced dangerouslySetInnerHTML in chart.tsx ChartStyle component with safe React <style> children
  • CSS values are built from known-safe config keys only

🔒 #440 - Remove document.write (P1 security)

  • Replaced document.write() in compare/page.tsx handleExportPDF with safe DOM API calls (createElement, textContent)
  • Added doc.close() before print() for proper browser rendering

🔒 #433 - BigInt input normalisation (P1 security)

  • Added normalizeToBigInt helper in blockchainSecurity.ts to handle:
    • Hex strings (0x-prefixed)
    • Scientific notation (e.g. 1e18)
    • Fractional decimal ether values (using parseEther from viem)
    • Plain wei decimal strings
  • Added BlockchainSecurityError class with typed error codes

#427 - setInterval cleanup (P2 performance)

  • propertyCache.ts: Stored interval handle, cleared before re-creating on HMR/re-import
  • rateLimit.ts: Wrapped setInterval in startCleanupTimer(), exported stopRateLimitCleanup()
  • structuredLogger.ts: Documented that destroy() exists for manual cleanup

Files Changed

File Changes
src/components/ui/chart.tsx +20 -12
src/app/compare/page.tsx +98 -32
src/utils/security/blockchainSecurity.ts +84 -0
src/lib/propertyCache.ts +10 -3
src/lib/rateLimit.ts +53 -17
src/utils/structuredLogger.ts +3 -0

Validation

  • ✅ TypeScript typecheck passes
  • ✅ ESLint passes with no errors or warnings

Closes #427, Closes #430, Closes #433, Closes #440

- MettaChain#427: Add setInterval cleanup guards in propertyCache.ts, rateLimit.ts, and
  structuredLogger.ts to prevent interval leaks on HMR and module re-imports
- MettaChain#430: Remove dangerouslySetInnerHTML from chart.tsx; use safe React style
  children instead
- MettaChain#433: Add normalizeToBigInt helper with parseEther in blockchainSecurity.ts
  to handle hex, scientific notation, and decimal ether input values
- MettaChain#440: Replace document.write in compare/page.tsx with safe DOM API calls
  (createElement, textContent) for PDF export

Closes MettaChain#427, Closes MettaChain#430, Closes MettaChain#433, Closes MettaChain#440
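The input normalisation described under #433, as an added example that is not the PR's code: a self-contained normalizeToBigInt that accepts hex, plain wei, scientific notation and fractional ether strings and returns wei as a bigint. viem's parseEther is replaced by a local parseEtherLocal (18 decimals); the dispatch rule (a string containing a decimal point is an ether amount, an integer string is wei), the error codes and the exponent cap are assumptions, not taken from the PR.

```typescript
// Assumptions (not from the PR): error code names, the "decimal point means ether"
// rule, and the 10^77 exponent cap that keeps "1e999999" from allocating a huge bigint.
export class BlockchainSecurityError extends Error {
  constructor(public readonly code: string, message: string) {
    super(message);
    this.name = "BlockchainSecurityError";
  }
}

const ETHER_DECIMALS = 18;

// Stand-in for viem's parseEther: "1.5" -> 1500000000000000000, done on strings so no
// float rounding can creep in.
export function parseEtherLocal(value: string): bigint {
  const m = /^(\d+)\.(\d+)$/.exec(value);
  if (!m || m[2].length > ETHER_DECIMALS) {
    throw new BlockchainSecurityError("INVALID_ETHER", `bad ether value: ${value}`);
  }
  return BigInt(m[1] + m[2].padEnd(ETHER_DECIMALS, "0"));
}

export function normalizeToBigInt(input: string | number | bigint): bigint {
  if (typeof input === "bigint") {
    if (input < BigInt(0)) throw new BlockchainSecurityError("NEGATIVE", "negative amount");
    return input;
  }
  if (typeof input === "number") {
    // A float above 2^53 has already lost digits; refuse instead of rounding silently.
    if (!Number.isSafeInteger(input) || input < 0) {
      throw new BlockchainSecurityError("UNSAFE_NUMBER", `not a safe non-negative integer: ${input}`);
    }
    return BigInt(input);
  }
  const s = input.trim();
  if (s.length > 100) throw new BlockchainSecurityError("TOO_LONG", "input too long");
  if (/^0x[0-9a-f]+$/i.test(s)) return BigInt(s);          // hex, 0x-prefixed
  if (/^\d+$/.test(s)) return BigInt(s);                     // plain wei decimal string
  const sci = /^(\d+)(?:\.(\d+))?e([+-]?\d+)$/i.exec(s);    // e.g. 1e18, 2.5E17
  if (sci) {
    const frac = sci[2] ?? "";
    const digits = sci[1] + frac;
    const shift = Number(sci[3]) - frac.length;              // decimal places to move
    if (shift > 77) throw new BlockchainSecurityError("EXPONENT_TOO_LARGE", `exponent too large: ${s}`);
    if (shift < 0) {
      // Negative exponent is only allowed when the dropped digits are all zero.
      if (!/^0*$/.test(digits.slice(shift))) {
        throw new BlockchainSecurityError("FRACTIONAL_WEI", `not an integer wei amount: ${s}`);
      }
      return BigInt(digits.slice(0, shift) || "0");
    }
    return BigInt(digits + "0".repeat(shift));
  }
  if (/^\d+\.\d+$/.test(s)) return parseEtherLocal(s);     // fractional ether amount
  throw new BlockchainSecurityError("INVALID_INPUT", `unrecognised amount: ${s}`);
}
```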
@drips-wave

drips-wave Bot commented Jun 28, 2026


@solomon35-stack Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits
