From 60ae1c2481fb9c23aa1173b3f3b68f8776af54ad Mon Sep 17 00:00:00 2001 From: Shevchik Igor Date: Sat, 20 Jun 2026 07:20:07 +0000 Subject: [PATCH] docs(Chat): validate AI assistant currentPage input MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Port of upstream nuxt/ui f71bc469 (partial — docs-only). docs/server/api/ai.post.ts: currentPage is interpolated verbatim into the AI system prompt, an indirect prompt-injection surface (a direct POST can smuggle newlines/instructions, bypassing the client's /docs/ check). Add a server-side safeCurrentPage guard (string, length <= 128, no CR/LF, matches /^\/docs\/[\w/-]*$/) and use it in the prompt. Matches b24ui's client, which already only sends currentPage for /docs/ paths. The upstream useTheme.ts sanitizers are a no-op for b24ui: the AI theme application is already neutered here (customColors/cssVariables styles are empty computed, applyThemeSettings is a track-only stub, no injectCustomColors or appConfig.ui mutation), so the untrusted