π‘οΈ Sentinel: [security improvement] CSP Trusted Types μ μ± λ° DOMPurify μλ μΆκ°#42
Conversation
|
π Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a π emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
There was a problem hiding this comment.
Pull request overview
This PR hardens the static site against DOM-based XSS by enforcing Trusted Types via CSP and registering a default Trusted Types policy backed by DOMPurify, with supporting documentation updates.
Changes:
- Add
require-trusted-types-for 'script'to the CSP meta tag inindex.html. - Introduce
security.jsto register a default Trusted Types policy that sanitizes HTML via DOMPurify. - Vendor DOMPurify (
assets/dompurify.min.js) and document the Sentinel security learning in.jules/sentinel.md.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| index.html | Enforces Trusted Types in CSP and loads DOMPurify + the default policy script. |
| security.js | Registers a default Trusted Types policy that sanitizes HTML with DOMPurify. |
| assets/dompurify.min.js | Adds vendored DOMPurify runtime used by the Trusted Types policy. |
| .jules/sentinel.md | Documents the Trusted Types hardening rationale and prevention guidance. |
π‘ Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
OpenCode reviewed the current-head evidence but found unresolved reviewer or review-agent threads before approval.
Findings
1. HIGH .github/workflows/opencode-review.yml:1 - Unresolved reviewer thread blocks automated approval
- Problem: OpenCode reached an APPROVE control result, but the approval step found unresolved, non-outdated human or review-agent thread evidence on the current pull request.
- Root cause: Reviewer and review-agent feedback can arrive after bounded model evidence is prepared, so the approval step must re-query GitHub immediately before publishing an approval.
- Fix: Address or resolve the listed reviewer thread(s), then re-run OpenCode on the current head.
- Regression test: Keep the approval gate querying reviewThreads(first: 100) after model output and before create_pull_review APPROVE, including bot review agents other than OpenCode itself.
Review thread evidence
Latest unresolved reviewer thread evidence
security.js line 7
- Latest reviewer comment: @copilot-pull-request-reviewer at 2026-07-01T16:36:27Z
- Comment URL: #42 (comment)
- Comment excerpt: 'trustedTypes.createPolicy('default', β¦)' can throw (e.g., if a default policy already exists), which would break page load. Also, the guard checks 'window.trustedTypes' but then uses the unqualified 'trustedTypes' identifier, and the policy assumes DOMPurify is always present. Consider using 'window.trustedTypes' consistently, checking 'window.DOMPurify', and wrapping policy creation in a try/catch so the page still loads if policy creation fails.
index.html line 28
- Latest reviewer comment: @copilot-pull-request-reviewer at 2026-07-01T16:36:27Z
- Comment URL: #42 (comment)
- Comment excerpt: The newly added scripts are render-blocking because they omit 'defer', while 'i18n.js' is already deferred. Since these scripts don't appear to be needed during initial HTML parsing, deferring them will avoid blocking and keep script execution order (DOMPurify β security policy β i18n) intact.
.jules/sentinel.md line 19
-
Latest reviewer comment: @copilot-pull-request-reviewer at 2026-07-01T16:36:27Z
-
Comment URL: #42 (comment)
-
Comment excerpt: In Chromium, Trusted Types enforcement typically throws a Trusted Types violation (e.g., a TypeError) rather than "crashing" the browser. Rewording avoids ambiguity and keeps the doc technically precise.
-
Result: REQUEST_CHANGES
-
Reason: unresolved reviewer or review-agent thread(s) were present before approval.
-
Head SHA:
d2338c5e7cae34c3d4c99f42ebe9b0751e94d94a -
Workflow run: 28532676057
-
Workflow attempt: 1
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (4 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (4 files)"]
R1 --> V1["required checks"]
OpenCode Review Overview
Pull request overviewOpenCode reviewed the current-head bounded evidence and found no blocking issues. FindingsNo blocking findings. SummaryApproval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Changed-File Evidence Mapflowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (4 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (4 files)"]
R1 --> V1["required checks"]
|
- wrap trustedTypes.createPolicy in try/catch so a throw (e.g. an existing 'default' policy or CSP restriction) no longer breaks page load - use window.trustedTypes consistently instead of the unqualified global - guard window.DOMPurify before using it in createHTML Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01C2Mig78TxShv22uBcr7pCo
There was a problem hiding this comment.
Pull request overview
OpenCode reviewed the current-head bounded evidence and found no blocking issues.
Findings
No blocking findings.
Summary
Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including .jules/sentinel.md, assets/dompurify.min.js, index.html, security.js.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports test coverage as not applicable because no supported changed source files or package manifests were found.
Docstring coverage: coverage execution evidence reports docstring coverage as not applicable because no supported changed source files or package manifests were found.
DAG: CodeGraph/source-backed behavior map connects .jules/sentinel.md to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.
- Result: APPROVE
- Reason: Security improvements for CSP Trusted Types and DOMPurify sanitization are correctly implemented.
- Head SHA:
92af78d394139eacde15c6661d6458961a9bede7 - Workflow run: 28859693160
- Workflow attempt: 1
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (4 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (4 files)"]
R1 --> V1["required checks"]
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
There was a problem hiding this comment.
Pull request overview
OpenCode reviewed the current-head bounded evidence and found no blocking issues.
Findings
No blocking findings.
Summary
Approval sufficiency: bounded evidence supplied affirmative approval evidence for changed files, coverage/docstring posture, risk surfaces, and current-head verification; approval is not based merely on the absence of known blockers.
Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including .jules/sentinel.md, assets/dompurify.min.js, index.html, security.js.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports test coverage as not applicable because no supported changed source files or package manifests were found.
Docstring coverage: coverage execution evidence reports docstring coverage as not applicable because no supported changed source files or package manifests were found.
DAG: CodeGraph/source-backed behavior map connects .jules/sentinel.md to the affected review, runtime, or workflow path and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, current-head workflow evidence, and, where numeric, scientific, statistical, or literature-backed claims are affected, original-paper/formula evidence and parameter-recovery expectations were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions, object naming, and reserved-word safety for schema/API/config/code surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, test, setup, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: connected user, operator, API, CLI, documentation, review-comment, status-check, rendering, and workflow-reader behavior was checked for contradictions against code, docs, and tests in bounded evidence.
Visual/DOM: Playwright visual, DOM locator, ARIA snapshot, console, and responsive evidence were checked when a web UI surface was present; for non-web surfaces, API/CLI/log/docs/workflow interaction evidence was reviewed instead.
Accessibility/i18n: accessibility, localization, and human-readable text surfaces were checked where UI, CLI, API message, docs, logs, or review text changed.
Supply-chain/license: dependency, package, model, container, and external-tool changes were checked in bounded evidence.
Packaging: package, build, test, lint, and security contracts were checked in bounded evidence.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.
- Result: APPROVE
- Reason: Trusted Types enforcement + DOMPurify added; no blocking regressions found.
- Head SHA:
c004494a2347f4423ba1c41fb798e352c354a6e4 - Workflow run: 29085141257
- Workflow attempt: 1
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (4 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (4 files)"]
R1 --> V1["required checks"]
Superseded by current-head c004494 approval; all review threads are resolved/outdated, code scanning is empty, and Strix/OSV/Trivy/dependency-review/OpenCode checks passed.
π¨ Severity: HIGH
π‘ Vulnerability: μ ν리μΌμ΄μ μ Trusted Types μ μ± μ΄ κ°μ λμ§ μμ, μΆν DOM sink(μ: innerHTML)μ μ λ’°ν μ μλ λ°μ΄ν°κ° ν λΉλ κ²½μ° DOM κΈ°λ° XSS 곡격μ λ ΈμΆλ μνμ΄ μ‘΄μ¬νμ΅λλ€.
π― Impact: 곡격μκ° μ μ± μ€ν¬λ¦½νΈλ₯Ό μ£Όμ νμ¬ μ¬μ©μ λΈλΌμ°μ μμ μμμ μ½λλ₯Ό μ€ννκ±°λ μΈμ μ νμ·¨ν μ μμ΅λλ€.
π§ Fix:
index.htmlμ CSP μ€μ μrequire-trusted-types-for 'script'μ§μμ΄λ₯Ό μΆκ°νκ³ , ν립λ 보μ λΌμ΄λΈλ¬λ¦¬μΈ DOMPurifyλ₯Ό μ¬μ©ν΄ μ λ ₯μ μμ νκ² μλ νλ κΈ°λ³Έ(default) Trusted Types μ μ± μsecurity.jsμ λ±λ‘νμ΅λλ€. μ΄λ₯Ό ν΅ν΄ DOM sinkμ λ¬Έμμ΄μ΄ ν λΉλ λ μλμΌλ‘ μμ ν TrustedHTMLλ‘ λ³νλλλ‘ νμ¬ XSSλ₯Ό λ°©μ΄νκ³ ν¬λ‘λ―Έμ κΈ°λ° λΈλΌμ°μ μμμ μΆ©λμ μλ°©νμ΅λλ€.β Verification: κΈ°μ‘΄ i18n ν μ€νΈ μ€ν¬λ¦½νΈμ λμΌν νκ²½μμ λ‘컬 Playwright μ€ν¬λ¦½νΈλ₯Ό ν΅ν΄ μ±μ μ μ λ‘λ©κ³Ό ν μ€νΈ ν΅κ³Όλ₯Ό νμΈνμ΅λλ€. λΈλΌμ°μ μ½μμμ Trusted Types μ μ± μλ° μ€λ₯λ DOMPurifyλ‘ μΈν μΆ©λμ΄ λ°μνμ§ μμμ κ²μ¦νμ΅λλ€.
PR created automatically by Jules for task 1006353573105115304 started by @seonghobae