[docs] add code quality guidelines for i18n, async cleanup, and error handling #4305
Conversation
CLAUDE.md
Outdated
| @@ -52,3 +52,7 @@ | |||
| - Templates: `api.fileURL('/templates/default.json')` | |||
| - Extensions: `api.fileURL(extensionPath)` for loading JS modules | |||
| - Any static assets that exist in the public directory | |||
| - Sanitize dynamically generated HTML content or use templates instead of v-html | |||
There was a problem hiding this comment.
This one reads as a little vaguely worded; "santitize" could likely be interpreted a few ways.
There was a problem hiding this comment.
Any suggestions?
There was a problem hiding this comment.
Honestly I am not super sure, sorry - I've no context about what this was written in reaction to.
There was a problem hiding this comment.
We had three features recently that injected raw html with v-html (node info side panel, release notification system, tooltips on usage log table). In all cases, the html strings are recieved from external source.
It wasn't a major issue in those three cases because the first santized with dom purify and the second two were from comfy-org endpoints, but it made me realize that this is a good thing to have CC watch out for when writing code.
There was a problem hiding this comment.
Maybe something like:
If you are implementing code that will output raw, dynamically generated HTML (e.g. injecting a string that is assumed to be HTML), always ensure the dynamic content has been {{ validated / parsed / ... }}.
There was a problem hiding this comment.
Done, thanks.
… review feedback Replace vague "sanitize" wording with specific guidance on using DOMPurify and validating trusted sources when using v-html directive
christian-byrne
force-pushed
the
docs/improve-code-quality-guidelines
branch
from
818d0cf to
f10d0ac
Compare
Adds best practice guidelines to CLAUDE.md based on common code review feedback patterns. These guidelines help ensure consistent code quality across the codebase by emphasizing proper i18n usage, async operation cleanup, and user-friendly error messaging.
┆Issue is synchronized with this Notion page by Unito