Skip to content

fix: harden wallet request errors#4

Open
Sikkra wants to merge 1 commit into
BitgesellOfficial:masterfrom
Sikkra:codex/recover-send-after-network-error
Open

fix: harden wallet request errors#4
Sikkra wants to merge 1 commit into
BitgesellOfficial:masterfrom
Sikkra:codex/recover-send-after-network-error

Conversation

@Sikkra

@Sikkra Sikkra commented May 20, 2026

Copy link
Copy Markdown

Summary

  • re-enable request cleanup callbacks after fetch/network failures so the Send form is not left disabled
  • escape untrusted RPC/explorer error text before rendering it in SweetAlert HTML
  • keep existing CORS help link markup intact while sanitizing the underlying error message

Verification

  • .\node_modules\.bin\eslint.cmd --rule "linebreak-style: 0" src\api.js src\utils.js src\send\send.js
  • node -e "for (const file of ['src/utils.js','src/api.js','src/send/send.js']) { new Function(require('fs').readFileSync(file,'utf8')); console.log(file + ' parses'); }"
  • git diff --check

Note: npm test is currently blocked on Windows by the pre-existing quoted glob script (eslint 'src/*.js'), which is addressed separately in PR #3.

Bounty payout address if approved: USDT TRC20 TPwPFww7zxXFQ7zugo22gktQhckWVarRqi

@MyTH-zyxeon

Copy link
Copy Markdown

Review-assist note for maintainers: this looks like a useful hardening change to keep the Send flow recoverable after fetch/network failures and to avoid rendering untrusted RPC/explorer error text directly through SweetAlert html.

The main validation I would do before merge is:

  • force fetchQuery(...).catch(...) with the Send fieldset disabled and confirm callbackAlways() re-enables it
  • return an RPC error like <img src=x onerror=alert(1)> and confirm it is displayed as text, not interpreted HTML
  • confirm the CORS help link still renders only for TypeError: Failed to fetch
  • confirm nonstandard RPC error shapes still fall back to Unknown RPC error instead of throwing inside the error handler

I do not see an obvious blocker in the diff; the risk is mostly browser-path regression coverage around the error modal and callback cleanup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants