guettli/sharedinbox
1
0
Fork 0
Code Issues 21 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

feat(S2): validate IMAP/SMTP hostnames against injection #25

Merged
guettlibot merged 1 commits from task/s2-hostname-validation into main 2026-05-13 21:49:34 +00:00
Conversation 0 Commits 1 Files Changed 3
+2159 -35283
guettlibot commented 2026-05-13 21:46:16 +00:00 (Migrated from codeberg.org)
Copy Link
Copy Source

Summary

  • Add validateHostname and validateOptionalHostname to host_utils.dart; reject values containing @, /, \, or control characters (< 0x20 or 0x7F)
  • Wire validateHostname into IMAP and SMTP host fields in AddAccountScreen and EditAccountScreen
  • Wire validateOptionalHostname into the optional ManageSieve host field in EditAccountScreen

Test plan

  • task check-fast passes locally
  • Entering evil@host or host/path shows "Invalid hostname" inline error and blocks form submission
## Summary - Add `validateHostname` and `validateOptionalHostname` to `host_utils.dart`; reject values containing `@`, `/`, `\`, or control characters (< 0x20 or 0x7F) - Wire `validateHostname` into IMAP and SMTP host fields in `AddAccountScreen` and `EditAccountScreen` - Wire `validateOptionalHostname` into the optional ManageSieve host field in `EditAccountScreen` ## Test plan - [x] `task check-fast` passes locally - [x] Entering `evil@host` or `host/path` shows "Invalid hostname" inline error and blocks form submission
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
NeedSupervisor
Issue escalated to a human supervisor; agentloop will skip it until cleared.
 State/InProgress
State/Later
State/Planned
automerge
Eligible for automatic merge by CI
 ci-failure
Issue opened by agentloop to track a failing CI workflow; used for deduplication.
 do-not-merge
Plan PR — review only, do not merge.
 loop/code
Add to run the built-in "code" prompt; override at prompts/code.md.
 loop/code-ci-pending
Prompt "code" finished; waiting for the PR's CI to pass before advancing.
 loop/code-done
Prompt "code" finished successfully.
 loop/code-in-process
Agent for the "code" prompt is currently running on this issue.
 loop/merge
Managed by agentloop
 loop/merge-done
Managed by agentloop
 loop/merge-in-process
Managed by agentloop
 loop/plan
Add to run the built-in "plan" prompt; override at prompts/plan.md.
 loop/plan-done
Prompt "plan" finished successfully.
 loop/plan-in-process
Agent for the "plan" prompt is currently running on this issue.
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Assignees
Clear assignees
guettlibot guettli
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: guettli/sharedinbox#25