UX: show complete URL path if website domain is same as instance domain#5
akshayutture-augment wants to merge 1 commit into
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| def include_website_name | ||
| website.present? |
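Review bot: `def include_website_name` has no trailing `?`, and its body checks only `website.present?`. Include predicates in active_model_serializers 0.8-style serializers are looked up as `include_<attribute>?`, so if this method is meant to gate `website_name` it should be named `include_website_name?`. No viewer-scope check is visible in these lines, so the predicate should also consult the same restriction that hides `website`, or the attribute should be declared alongside `website` wherever that restriction is applied.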
Keep website_name behind untrusted-user guard
The new website_name attribute is always serialized whenever website.present? because include_website_name (lines 153‑154) ignores the scope.restrict_user_fields? guard that hides :website for TL0 users viewed anonymously. As a result an anonymous visitor can still see model.website_name (and the UI now renders it) even though the real website URL is intentionally withheld, leaking information that was meant to be hidden. website_name needs to obey the same restriction as website (e.g. add it to untrusted_attributes or check scope.restrict_user_fields? before including it).
Useful? React with 👍 / 👎.
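The guard mismatch described in the review above, as an added plain-Ruby sketch that is not Discourse's code or part of this pull request. `User`, `Scope`, `MiniSerializer`, `LeakySerializer`, `GuardedSerializer` and `anonymous_view` are hypothetical stand-ins, and `website_name` is simplified to the URL host.

```ruby
require "uri"

User  = Struct.new(:website, :trust_level)
# Hypothetical viewer scope: TL0 profiles are restricted for anonymous viewers.
Scope = Struct.new(:anonymous) do
  def restrict_user_fields?(user)
    anonymous && user.trust_level == 0
  end
end

class MiniSerializer
  ATTRS = %i[website website_name].freeze
  attr_reader :object, :scope

  def initialize(user, scope)
    @object, @scope = user, scope
  end

  # Declares attributes that are hidden whenever the viewer is restricted.
  def self.untrusted_attributes(*attrs)
    attrs.each do |attr|
      define_method("include_#{attr}?") do
        !scope.restrict_user_fields?(object) && !send(attr).to_s.empty?
      end
    end
  end

  def website; object.website; end

  # Derived from website, so it carries the same sensitivity (simplified: host only).
  def website_name
    URI(object.website.to_s).host
  rescue URI::InvalidURIError
    nil
  end

  # Emits an attribute unless its include_<attr>? predicate returns false.
  def as_json
    ATTRS.select { |a| !respond_to?("include_#{a}?") || send("include_#{a}?") }
         .to_h { |a| [a, send(a)] }
  end
end

class LeakySerializer < MiniSerializer
  untrusted_attributes :website
  def include_website_name?; !website.to_s.empty?; end # presence only, no scope check
end

class GuardedSerializer < MiniSerializer
  untrusted_attributes :website, :website_name # derived field shares the guard
end

# Constructed sample: a TL0 user's profile as seen by an anonymous viewer.
def anonymous_view(serializer_class)
  serializer_class.new(User.new("https://example.org/blog", 0), Scope.new(true)).as_json
end
```

Calling `anonymous_view` on every serializer that exposes a value derived from a restricted field works as a regression check: no key computed from `website` should appear when `website` itself is withheld.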
Test 6
Replicated from ai-code-review-evaluation/discourse-cursor#6