fix(industry): third-round audit fixes: 3 HIGH + 4 MEDIUM cleared
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
H1: status value mismatch disabled→inactive + add admin mapping for source + valueEnum
H2: experience.rs format_for_injection adds xml_escape
H3: TriggerContext industry_keywords wired to the global cache
M2: ID auto-generation no longer keeps Chinese characters + prompts for manual input when there is no ASCII
M3: TS CreateIndustryRequest adds id? field
M4: ListIndustriesQuery adds deny_unknown_fields
@@ -229,10 +229,10 @@ impl ExperienceExtractor {
|
||||
.unwrap_or_default();
|
||||
let line = format!(
|
||||
"- 类似「{}」做过:{},结果是{} ({})",
|
||||
truncate(&exp.pain_pattern, 30),
|
||||
step_summary,
|
||||
exp.outcome,
|
||||
industry_tag.trim_start()
|
||||
xml_escape(&truncate(&exp.pain_pattern, 30)),
|
||||
xml_escape(&step_summary),
|
||||
xml_escape(&exp.outcome),
|
||||
xml_escape(industry_tag.trim_start())
|
||||
);
|
||||
total_chars += line.chars().count();
|
||||
parts.push(line);
|
||||
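Review bot: The four `xml_escape` calls in the `format!` arguments cover only this per-experience line, and nothing in the hunk tests them. Check that every other string `format_for_injection` interpolates into its output also goes through `xml_escape`, and add a test where `pain_pattern` or `outcome` contains `</butler-context>` and assert that the raw tag does not appear in the result. Truncating before escaping, as done for `pain_pattern`, is the right order because it cannot cut an entity in half; note that `total_chars` now counts the escaped length, so input heavy in `<` or `&` uses up the budget faster.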
@@ -257,6 +257,13 @@ fn truncate(s: &str, max_chars: usize) -> String {
|
||||
}
|
||||
}
|
||||
|
||||
/// Escape XML special characters for safe injection into `<butler-context>`.
|
||||
fn xml_escape(s: &str) -> String {
|
||||
s.replace('&', "&")
|
||||
.replace('<', "<")
|
||||
.replace('>', ">")
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Tests
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
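Review bot: In `xml_escape`, the replacement strings as rendered on this page are identical to the characters they replace (for example `.replace('<', "<")`), which would make the function a no-op. This is probably the page decoding entities, but confirm that the committed source maps `&` to `&amp;`, `<` to `&lt;` and `>` to `&gt;`, with `&` replaced first as the ordering here does. The function leaves `"` and `'` untouched, which is enough for element text but not if a value is ever placed inside an attribute; state that limit in the doc comment or escape the quotes as well. A unit test in the Tests section covering `&`, `<`, `>` and an already-escaped input would pin the behaviour.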