Closed
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| }); | ||
|
|
||
| // Construct the blob URL | ||
| const blobUrl = `https://api.shelbynet.shelby.xyz/shelby/v1/blobs/${storageAccount.accountAddress.toString()}/${blobName}`; |
There was a problem hiding this comment.
Blob URL constructed without encoding special characters
Medium Severity
The blob URL is constructed by directly interpolating blobName without URL encoding. If a user uploads a file with special characters (spaces, #, ?, &, %), the resulting URL will be malformed. For example, a file named my report#1.pdf produces a URL where #1.pdf is interpreted as a fragment identifier, causing the View link to fail or load the wrong resource.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Created a simple 4-step example of uploading blobs to Shelby with
solana-kitNote
Medium Risk
Adds a new Next.js example with server API routes that accept Solana secret keys and perform on-chain/storage operations, plus changes monorepo app scanning logic; mistakes could lead to broken examples or unintended exposure/misuse in copied code.
Overview
Introduces a new Next.js app under
apps/solana/simple-examplethat walks users through a 4-step Solana flow (connect wallet, derive/create a Shelby storage account, fund with ShelbyUSD/APT, then upload and delete blobs) via new API routes (/api/create-storage-account,/api/fund-account,/api/upload-blob,/api/delete-blob) and client hooks/components.Updates the repo’s auto-generated apps table by making
table-generatorscan directories recursively when a folder lacks apackage.json, and refreshesREADME.mdentries accordingly. Minor housekeeping includes ignoringtsconfig.tsbuildinfoand adding@radix-ui/react-tooltipto@shelby-protocol/uidependencies.Written by Cursor Bugbot for commit 0eada5b. This will update automatically on new commits. Configure here.