various fixes and improvements #45
Open
neuhaus wants to merge 67 commits into
…when sql param is present
Table names from .sqlite files were injected as raw HTML in the select dropdown options and the Select2 formatter. A malicious table name containing script tags or event handlers would execute arbitrary JS. Now uses jQuery DOM methods (.text(), .val(), createTextNode) to safely set text content.
The WASM binary was loaded from a hardcoded absolute URL pointing to inloop.github.io, making the app fail offline and causing forks/self-hosted deployments to silently depend on the original hosting. The file already exists locally at js/sql-wasm.wasm.
These three images (select2-spinner.gif, select2.png, select2x2.png) were leftover assets from the Select2 library, never referenced anywhere in the codebase.
These .map files added ~900 KB to the repo with no runtime benefit for end users. They are development aids that don't need to be committed to a static site repo.
This jQuery call targeted an element that doesn't exist in the HTML, making it a silent no-op.
Remove hidden <img> preload trick and <link rel='image_src'> — both are obsolete techniques superseded by the og:image meta tag that is already present.
Added a quoteIdentifier() helper that uses SQL-standard double-quote escaping (doubling embedded double-quotes). Applied to all four places where table names are interpolated into SQL strings. Previously, table names containing single quotes would break queries.
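The identifier quoting described in the commit message above, as an added example that is not code from this pull request: the body of quoteIdentifier() is an assumed implementation, and unquoteIdentifier(), buildSelect(), allRoundTrip() and the sample table names are hypothetical.

```javascript
// Added illustration, not the PR's code. quoteIdentifier() is named in the
// commit message; this body is an assumed implementation of it.
function quoteIdentifier(name) {
  if (typeof name !== 'string' || name.length === 0) {
    throw new TypeError('identifier must be a non-empty string');
  }
  // SQL-standard delimited identifier: wrap in double quotes and
  // double every embedded double quote.
  return '"' + name.replace(/"/g, '""') + '"';
}

// Hypothetical inverse, used only to check that the quoted form is
// exactly one delimited identifier and decodes to the original name.
function unquoteIdentifier(quoted) {
  if (!/^"(?:[^"]|"")*"$/.test(quoted)) {
    throw new SyntaxError('not a single delimited identifier');
  }
  return quoted.slice(1, -1).replace(/""/g, '"');
}

// Hypothetical query builder: the table name is data read from an
// untrusted .sqlite file, so it is quoted; numbers are validated.
function buildSelect(table, limit, offset) {
  for (const n of [limit, offset]) {
    if (!Number.isInteger(n) || n < 0) {
      throw new RangeError('limit/offset must be non-negative integers');
    }
  }
  return `SELECT * FROM ${quoteIdentifier(table)} LIMIT ${limit} OFFSET ${offset}`;
}

// Constructed sample table names (not taken from the PR).
const SAMPLE_TABLES = ['users', "it's", 'say "hi"', 'a""b', 'order by'];

// True when every sample survives quote -> unquote unchanged.
function allRoundTrip(names) {
  return names.every((n) => unquoteIdentifier(quoteIdentifier(n)) === n);
}

for (const t of SAMPLE_TABLES) {
  console.log(buildSelect(t, 30, 0));
}
```
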
This jQuery plugin created a read-only textarea overlay on table cells (the editor was initialized with <textarea readonly>), providing no actual editing capability while adding complexity and event listeners.
Modernize remote DB loading to use fetch() with arrayBuffer(). Shorter, cleaner, and better error handling via .catch().
Replace == and != with === and !== in parseLimitFromQuery for consistency with the rest of the codebase.
Add common patterns: .DS_Store, editor swap files, node_modules, and *.map to prevent source maps from being re-committed.
This reverts commit 3576dbd.
…SQLite3 WASM inside Web Worker
…SQLableTypedArray implementation
…ata modifying queries
…ed to ensure pagination count updates correctly
…vironment-driven loading defaults and volume mounting
…d mapping for data.zip in Nginx/entrypoint
…al database loads
… JavaScript config files for queries containing single quotes
…it directories from the production Docker image
…e public container web root
…ory and update build documentation
…pper to support sub-SELECTs and JOINs
…nd be robust against subquery LIMITs
- History button next to Execute opens a Bootstrap Offcanvas sidebar
- Queries are stored per-database using unique key signatures (url:, file:, zip: prefixes)
- Deduplicates queries by moving repeats to top of list
- Max 50 entries per database
- Auto-skips empty queries and pagination COUNT(*) queries
- Each card shows timestamp, Run, Copy, and Delete actions
- Clear Active button clears current database history
- Clear All button removes history for all databases
- Clicking a query card loads and executes it
- Dark mode theming with CSS custom properties
navigator.clipboard.writeText in an inline onclick expression loses the user-activation context in Firefox. Use a named function with a legacy textarea/execCommand fallback.
The async navigator.clipboard API loses user-gesture context in Firefox
when the promise rejects, making the fallback also fail. Use a purely
synchronous textarea + execCommand('copy') approach with explicit focus.
Bootstrap Offcanvas uses a focus trap that immediately yanks focus back when ta.focus() targets an element outside the offcanvas. Appending the hidden textarea inside the sidebar element keeps it within the trap.
Execute on top, History below, each taking half the textarea height using flex-column with flex-fill on both buttons.
Author
The README now links to a live example at neuhaus.github.io; you'll probably want to change (or remove) that.
I did a cleanup removing some dependencies, updating those that are still needed and replacing the editor with something smaller.
Here is a big PR (sorry) implementing what's described in issue #44
also: