fix: harden cookie flags, sanitize Genie markdown output, fix remote tunnel (#216)

pkosiec · web-flow · commit c39b88bebc81 · 2026-03-26T17:42:18.000+01:00
* fix: harden cookie flags and sanitize Genie markdown output

- Set httpOnly and secure flags on dev-tunnel-id cookie
- Add DOMPurify sanitization to Genie chat message markdown rendering

Signed-off-by: Pawel Kosiec &lt;pawel.kosiec@databricks.com&gt;

* fix: copy remote tunnel HTML files to dist during build

Signed-off-by: Pawel Kosiec &lt;pawel.kosiec@databricks.com&gt;

* fix(ci): use npm install for PR template artifact step

prepare-pr-template.ts rewrites dependencies to file: tarballs, which
will never match the lockfile copied from template/ — npm ci will
always fail here, so npm install is required.

Signed-off-by: Pawel Kosiec &lt;pawel.kosiec@databricks.com&gt;

---------

Signed-off-by: Pawel Kosiec &lt;pawel.kosiec@databricks.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -155,7 +155,7 @@ jobs:
 
       - name: Install template dependencies
         working-directory: pr-template
-        run: npm ci
+        run: npm install
 
       - name: Create zip artifact
         working-directory: pr-template
diff --git a/apps/dev-playground/package.json b/apps/dev-playground/package.json
@@ -10,7 +10,7 @@
     "build": "npm run build:app",
     "build:app": "tsdown --out-dir build server/index.ts && cd client && npm run build",
     "build:server": "tsdown --out-dir build server/index.ts",
-    "install": "cd client && npm ci && cd ..",
+    "install": "cd client && npm install && cd ..",
     "preview": "vite preview",
     "check": "tsc",
     "clean": "rm -rf build && cd client && rm -rf dist",
diff --git a/packages/appkit-ui/package.json b/packages/appkit-ui/package.json
@@ -77,6 +77,7 @@
     "class-variance-authority": "0.7.1",
     "clsx": "2.1.1",
     "cmdk": "1.1.1",
+    "dompurify": "3.3.3",
     "echarts": "6.0.0",
     "echarts-for-react": "3.0.5",
     "embla-carousel-react": "8.6.0",
diff --git a/packages/appkit-ui/src/react/genie/genie-chat-message.tsx b/packages/appkit-ui/src/react/genie/genie-chat-message.tsx
@@ -1,3 +1,4 @@
+import DOMPurify from "dompurify";
 import { marked } from "marked";
 import { useMemo } from "react";
 import { cn } from "../lib/utils";
@@ -9,7 +10,7 @@ import type { GenieAttachmentResponse, GenieMessageItem } from "./types";
 /**
  * Using `marked` instead of `react-markdown` because `react-markdown` depends on
  * `micromark-util-symbol` which has broken ESM exports with `rolldown-vite`.
- * Content comes from our own Genie API so `dangerouslySetInnerHTML` is safe.
+ * Output is sanitized with DOMPurify before being passed to `dangerouslySetInnerHTML`.
  */
 marked.setOptions({ breaks: true, gfm: true });
 
@@ -43,7 +44,10 @@ export function GenieChatMessage({
   const isUser = message.role === "user";
   const queryAttachments = message.attachments.filter(isQueryAttachment);
   const html = useMemo(
-    () => (message.content ? (marked.parse(message.content) as string) : ""),
+    () =>
+      message.content
+        ? DOMPurify.sanitize(marked.parse(message.content) as string)
+        : "",
     [message.content],
   );
 
diff --git a/packages/appkit/src/plugins/server/remote-tunnel/remote-tunnel-manager.ts b/packages/appkit/src/plugins/server/remote-tunnel/remote-tunnel-manager.ts
@@ -208,7 +208,8 @@ export class RemoteTunnelManager {
       }
 
       res.cookie("dev-tunnel-id", tunnelId, {
-        httpOnly: false,
+        httpOnly: true,
+        secure: true,
         sameSite: "lax",
       });
 
diff --git a/packages/appkit/tsdown.config.ts b/packages/appkit/tsdown.config.ts
@@ -27,5 +27,12 @@ export default defineConfig([
       return /^[^./]/.test(id) || id.includes("/node_modules/");
     },
     tsconfig: "./tsconfig.json",
+    copy: [
+      {
+        from: "src/plugins/server/remote-tunnel/*.html",
+        to: "dist/plugins/server/remote-tunnel",
+        flatten: true,
+      },
+    ],
   },
 ]);
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml

Original file line number	Diff line number	Diff line change
`@@ -208,7 +208,8 @@ export class RemoteTunnelManager {`
`208`	`208`	`}`
`209`	`209`
`210`	`210`	`res.cookie("dev-tunnel-id", tunnelId, {`
`211`		`- httpOnly: false,`
	`211`	`+ httpOnly: true,`
	`212`	`+ secure: true,`
`212`	`213`	`sameSite: "lax",`
`213`	`214`	`});`
`214`	`215`