Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-06 21:24:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
3x-ui/docs/Tasktracking/2026-04-24-fix-clash-yaml-code-quality.md
root 288635adfc fix: Clash YAML injection, path validation, and default template 
- Quote all YAML string values with %q to prevent injection
- Remove unused host parameter from GetClash
- Add backend path normalization for SubClashPath
- Log StreamSettings JSON unmarshal errors
- Expand template panel by default and provide default template
2026-04-24 14:35:28 +08:00

834 B
Raw Blame History

Fix Clash YAML Subscription Code Quality Issues

Date: 2026-04-24 Type: bugfix / code-quality Version: v1.5.3-beta

Issues Fixed

  • YAML injection (C2): All string values in Clash YAML generation changed from %s to %q for proper quoting
  • Unused parameter (I1): Removed unused host parameter from GetClash method
  • Path validation (I3): Added backend normalization for SubClashPath (auto-add leading/trailing /)
  • Silent JSON error (I4): Added warning log when StreamSettings JSON unmarshal fails
  • Template visibility: Clash YAML template panel now expanded by default
  • Default template: Added sensible default Clash YAML template in settings defaults

Note

C1 from review (nil inboundService panic) was a false alarm — InboundService is a value type, not a pointer.