Matt Miller 2015bbb54a fix(assets): cap cursors by encoded wire size, not just char count ...

Char-count guards on value/id can still let multibyte or escape-heavy
inputs blow past MAX_ENCODED_CURSOR_LENGTH once UTF-8 + escape expansion
+ base64url runs. A 512-character name of 'é' (2 bytes UTF-8) or '<'
(serializes to the 6-byte '<' escape) passes the char check, mints
a ~1500-byte cursor, then 400s when handed back on the next request.

Compute the final encoded form and reject it before returning if it
exceeds the wire cap. Adds regression tests for both inflation paths.

2026-05-21 14:41:17 -07:00

..

assets

fix(assets): cap cursors by encoded wire size, not just char count

2026-05-21 14:41:17 -07:00

database

feat(assets): align local API with cloud spec (#12863)

2026-03-16 12:34:04 -07:00

__init__.py

Add FrontendManager to manage non-default front-end impl (#3897)

2024-07-16 11:26:11 -04:00

app_settings.py

Update frontend to v1.25.10 and revert navigation mode override (#9522)

2025-08-23 17:54:01 -04:00

custom_node_manager.py

This should not be a warning. (#7946)

2025-05-05 07:49:07 -04:00

frontend_management.py

Generalize frontend version warning to all comfy* requirements.txt entries (#13875)

2026-05-14 16:13:30 -07:00

logger.py

Repeat frontend version warning at the end.

2025-03-12 07:13:40 -04:00

model_manager.py

New Year ruff cleanup. (#11595)

2026-01-01 22:06:14 -05:00

node_replace_manager.py

fix: make NodeReplaceManager.register() idempotent (#13596)

2026-05-07 19:21:12 -07:00

subgraph_manager.py

fix: specify UTF-8 encoding when reading subgraph files (#12563)

2026-02-21 15:05:00 -08:00

user_manager.py

fix: return millisecond timestamps from get_file_info() (#12996)

2026-05-06 10:56:09 +08:00