From 1b4de183234ea07d93bc5be2c9ff09815d3add11 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Thu, 4 Dec 2025 13:46:25 +0100
Subject: [PATCH] Add DoS prevention to decodeHtml function in get-logs component
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added maximum iteration limit (maxIterations = 3) to the decodeHtml function to prevent potential DoS attacks from deeply nested HTML entities. This matches the implementation in deployment/show.blade.php and ensures the function cannot be exploited for excessive CPU usage.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude
---
 .../views/livewire/project/shared/get-logs.blade.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/resources/views/livewire/project/shared/get-logs.blade.php b/resources/views/livewire/project/shared/get-logs.blade.php
index 3a847bf43..89437d06e 100644
--- a/resources/views/livewire/project/shared/get-logs.blade.php
+++ b/resources/views/livewire/project/shared/get-logs.blade.php
@@ -48,13 +48,17 @@
 return line.toLowerCase().includes(this.searchQuery.toLowerCase());
 },
 decodeHtml(text) {
- // Decode HTML entities, handling double-encoding
+ // Decode HTML entities, handling double-encoding with max iteration limit to prevent DoS
 let decoded = text;
 let prev = '';
- while (decoded !== prev) {
+ let iterations = 0;
+ const maxIterations = 3; // Prevent DoS from deeply nested HTML entities
+
+ while (decoded !== prev && iterations < maxIterations) {
 prev = decoded;
 const doc = new DOMParser().parseFromString(decoded, 'text/html');
 decoded = doc.documentElement.textContent;
+ iterations++;
 }
 return decoded;
 },
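Review bot: The new `maxIterations` cap in `decodeHtml` bounds the number of parse passes, but nothing in the hunk says what callers may do with the return value, which is the security-relevant part: after decoding, a log line can contain literal `<`, `>` and `&`, and when the cap is hit the string may still hold undecoded entities. I would add a comment above `let decoded = text;` such as `// Returns plain text, not HTML: render via a text sink or re-escape before any HTML sink`, and check the call sites, which are outside this hunk. Each pass also re-parses the whole string, so the cap limits passes but not per-pass cost; whether line length is bounded elsewhere is not visible here. The commit message says the same loop exists in deployment/show.blade.php, so a shared helper would keep the two limits from drifting apart.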