From 809c9d451f2ab0d51d0d20fb3c76774e9db1b981 Mon Sep 17 00:00:00 2001 From: waleed Date: Mon, 27 Apr 2026 19:59:44 -0700 Subject: [PATCH] fix(files): address PR review findings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - csp.ts: revert bare https: from img-src — it defeats the existing domain allowlist and opens info-leakage vectors - files/page.tsx + files/[fileId]/page.tsx: add explicit fallback={null} to to make intent clear (React defaults to null, but omitting it looks like an oversight) - preview-panel.tsx: restore pre passthrough in STATIC_MARKDOWN_COMPONENTS so Streamdown's wrapping 
 doesn't nest inside the custom code
  block 
, which produced invalid HTML and broken styling
- file-viewer.tsx: add 'webm' to VIDEO_PREVIEWABLE_EXTENSIONS to match
  'video/webm' in VIDEO_PREVIEWABLE_MIME_TYPES
---
 apps/sim/app/workspace/[workspaceId]/files/[fileId]/page.tsx    | 2 +-
 .../[workspaceId]/files/components/file-viewer/file-viewer.tsx  | 2 +-
 .../files/components/file-viewer/preview-panel.tsx              | 1 +
 apps/sim/app/workspace/[workspaceId]/files/page.tsx             | 2 +-
 apps/sim/lib/core/security/csp.ts                               | 1 -
 5 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/sim/app/workspace/[workspaceId]/files/[fileId]/page.tsx b/apps/sim/app/workspace/[workspaceId]/files/[fileId]/page.tsx
index 1f8b513eb8..2bc2bef02d 100644
--- a/apps/sim/app/workspace/[workspaceId]/files/[fileId]/page.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/files/[fileId]/page.tsx
@@ -9,7 +9,7 @@ export const metadata: Metadata = {
 
 export default function FilesFilePage() {
   return (
-    
+    
       
     
   )
diff --git a/apps/sim/app/workspace/[workspaceId]/files/components/file-viewer/file-viewer.tsx b/apps/sim/app/workspace/[workspaceId]/files/components/file-viewer/file-viewer.tsx
index 52df457f7c..c651a14a78 100644
--- a/apps/sim/app/workspace/[workspaceId]/files/components/file-viewer/file-viewer.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/files/components/file-viewer/file-viewer.tsx
@@ -133,7 +133,7 @@ const VIDEO_PREVIEWABLE_MIME_TYPES = new Set([
   'video/x-matroska',
   'video/webm',
 ])
-const VIDEO_PREVIEWABLE_EXTENSIONS = new Set(['mp4', 'mov', 'avi', 'mkv'])
+const VIDEO_PREVIEWABLE_EXTENSIONS = new Set(['mp4', 'mov', 'avi', 'mkv', 'webm'])
 
 const PPTX_PREVIEWABLE_MIME_TYPES = new Set([
   'application/vnd.openxmlformats-officedocument.presentationml.presentation',
diff --git a/apps/sim/app/workspace/[workspaceId]/files/components/file-viewer/preview-panel.tsx b/apps/sim/app/workspace/[workspaceId]/files/components/file-viewer/preview-panel.tsx
index 2795573ae7..e5dbc793b5 100644
--- a/apps/sim/app/workspace/[workspaceId]/files/components/file-viewer/preview-panel.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/files/components/file-viewer/preview-panel.tsx
@@ -302,6 +302,7 @@ const MermaidDiagram = memo(function MermaidDiagram({ definition }: { definition
 })
 
 const STATIC_MARKDOWN_COMPONENTS = {
+  pre: ({ children }: { children?: React.ReactNode }) => <>{children},
   p: ({ children }: { children?: React.ReactNode }) => (
     

       {children}
diff --git a/apps/sim/app/workspace/[workspaceId]/files/page.tsx b/apps/sim/app/workspace/[workspaceId]/files/page.tsx
index 0b5f0ec57a..242b7e9291 100644
--- a/apps/sim/app/workspace/[workspaceId]/files/page.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/files/page.tsx
@@ -9,7 +9,7 @@ export const metadata: Metadata = {
 
 export default function FilesPage() {
   return (
-    
+    
       
     
   )
diff --git a/apps/sim/lib/core/security/csp.ts b/apps/sim/lib/core/security/csp.ts
index 7915b40d2f..dbe039a0cf 100644
--- a/apps/sim/lib/core/security/csp.ts
+++ b/apps/sim/lib/core/security/csp.ts
@@ -65,7 +65,6 @@ const STATIC_IMG_SRC = [
   "'self'",
   'data:',
   'blob:',
-  'https:',
   'https://*.googleusercontent.com',
   'https://*.google.com',
   'https://*.atlassian.com',