fix(electrobun): address all 22 Codex review #2 findings

CRITICAL: - DocsTab XSS: DOMPurify sanitization on all {@html} output - File RPC path traversal: guardPath() validates against project CWDs HIGH: - SSH injection: spawn /usr/bin/ssh via PTY args, no shell string - Search XSS: strip HTML, highlight matches client-side with <mark> - Terminal listener leak: cleanup functions stored + called in onDestroy - FileBrowser race: request token, discard stale responses - SearchOverlay race: same request token pattern - App startup ordering: groups.list chains into active_group restore - PtyClient timeout: 5-second auth timeout on connect() - Rule 55: 6 {#if} patterns converted to style:display toggle MEDIUM: - Agent persistence: only persist NEW messages (lastPersistedIndex) - Search errors: typed error response, "Invalid query" UI - Health store wired: agent events call recordActivity/setProjectStatus - index.ts SRP: split into 8 domain handler modules (298 lines) - App.svelte: extracted workspace-store.svelte.ts - rpc.ts: typed AppRpcHandle, removed `any` LOW: - CommandPalette listener wired in App.svelte - Dead code removed (removeGroup, onDragStart, plugin loaded)
2026-03-22 02:30:09 +01:00 · 2026-03-22 02:30:09 +01:00 · 1cd4558740
commit 1cd4558740
parent 8e756d3523
28 changed files with 1342 additions and 1164 deletions
--- a/ui-electrobun/src/mainview/Terminal.svelte
+++ b/ui-electrobun/src/mainview/Terminal.svelte
@ -23,6 +23,8 @@
  let unsubFont: (() => void) | null = null;
  let ro: ResizeObserver | null = null;
  let destroyed = false;
+  // Fix #5: Store listener cleanup functions to prevent leaks
+  let listenerCleanups: Array<() => void> = [];

  /** Decode a base64 string from the daemon into a Uint8Array. */
  function decodeBase64(b64: string): Uint8Array {
@ -126,6 +128,12 @@
    };
    appRpc.addMessageListener('pty.closed', closedHandler);

+    // Fix #5: Store cleanup functions for message listeners
+    listenerCleanups.push(
+      () => appRpc.removeMessageListener?.('pty.output', outputHandler),
+      () => appRpc.removeMessageListener?.('pty.closed', closedHandler),
+    );
+
    // ── Send user input to daemon ──────────────────────────────────────────

    term.onData((data: string) => {
@ -148,7 +156,11 @@
    destroyed = true;
    unsubFont?.();
    ro?.disconnect();
-    // Fix #1: Close the PTY session (not just unsubscribe) to prevent session leak
+    // Fix #5: Clean up all message listeners to prevent leaks
+    for (const cleanup of listenerCleanups) {
+      try { cleanup(); } catch { /* ignore */ }
+    }
+    listenerCleanups = [];
    appRpc.request['pty.close']({ sessionId }).catch(() => {});
    term?.dispose();
  });