From ff7cdc882b7c932894ea36fb5839d3a6a1a26671 Mon Sep 17 00:00:00 2001 From: seonghobae <8172694+seonghobae@users.noreply.github.com> Date: Thu, 2 Jul 2026 03:48:57 +0000 Subject: [PATCH] feat: add maxLength constraint to YouTube URL input - Enforce `maxLength={2048}` on the YouTube URL input field. - Ensure compliance with front-end security considerations for DoS via excessively large inputs. - Verified test coverage for enforcement. --- apps/desktop/src/App.test.tsx | 6 ++++++ apps/desktop/src/App.tsx | 1 + 2 files changed, 7 insertions(+) diff --git a/apps/desktop/src/App.test.tsx b/apps/desktop/src/App.test.tsx index c039dfba..4dcf50d6 100644 --- a/apps/desktop/src/App.test.tsx +++ b/apps/desktop/src/App.test.tsx @@ -1433,4 +1433,10 @@ describe("App", () => { expect(settingsSpan).toHaveAttribute("tabIndex", "0"); expect(settingsSpan).toHaveAttribute("role", "button"); }); + + it("enforces a maximum length on the YouTube URL input", () => { + render(); + const input = screen.getByPlaceholderText(/YouTube URL.../i); + expect(input).toHaveAttribute("maxLength", "2048"); + }); }); diff --git a/apps/desktop/src/App.tsx b/apps/desktop/src/App.tsx index 24f5fb09..10327b13 100644 --- a/apps/desktop/src/App.tsx +++ b/apps/desktop/src/App.tsx @@ -607,6 +607,7 @@ export function App() { value={youtubeUrl} onChange={(e) => setYoutubeUrl(e.target.value)} disabled={analysisInFlight || isStarting || isImporting} + maxLength={2048} className="h-10 flex-1 border-0 bg-transparent text-slate-100 placeholder:text-slate-500 focus-visible:ring-cyan-300" aria-label="YouTube URL" />