feat(web): copy session reference from context menu#951
Open
heavygee wants to merge 2 commits into
Open
Conversation
Refs tiann#950 Adds a More actions item that copies a cross-session citation (see session "title" (/sessions/id) for context) instead of a bare share URL. Co-authored-by: Cursor <cursoragent@cursor.com>
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Findings
- [Major] Unsanitized session titles are copied into cross-session prompts. See inline comment at
web/src/lib/sessionReference.ts:10.
Summary
Review mode: initial
One issue found. The new copied reference text includes the session title verbatim; session titles are not constrained by the schema and can be generated by agent/tool output, so pasting this into another agent session can carry prompt-injection text or multiline instructions along with the citation.
Testing
Not run (automation)
JSON-escape titles and collapse whitespace so arbitrary session names cannot inject prompt text into cross-session citations. Addresses Codex review on tiann#951. Co-authored-by: Cursor <cursoragent@cursor.com>
There was a problem hiding this comment.
Findings
- No issues found with confidence >= 80% in the added/modified lines.
Summary
- Review mode: initial
- Reviewed the full PR diff for the session action menu, session reference helper, locale additions, and related unit tests. Residual risk: I could not execute the web test/typecheck commands in this runner because
bunis unavailable.
Testing
- Not run (automation):
bunnot found in PATH, sobun run --cwd web test src/lib/sessionReference.test.ts src/components/SessionActionMenu.test.tsxandbun run --cwd web typecheckcould not execute.
HAPI Bot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds Copy reference to the session More actions menu (session list long-press/right-click and session header overflow). Clipboard text is a cross-session citation, not a share URL:
Closes #950
Test plan
web: SessionActionMenu + sessionReference unit testsweb: typecheckMade with Cursor