From ec154d588b548eb9615444f1bb6390951b9f61cd Mon Sep 17 00:00:00 2001
From: Titas-Ghosh <titas.ghosh7@gmail.com>
Date: Mon, 23 Feb 2026 04:29:41 +0530
Subject: [PATCH 1/3] Encode server action URLs and query parameters safely

---
 src/graph-builder/graph-core/6-server.js | 43 +++++++++++++++---------
 1 file changed, 27 insertions(+), 16 deletions(-)

diff --git a/src/graph-builder/graph-core/6-server.js b/src/graph-builder/graph-core/6-server.js
index 827e867..de47a65 100644
--- a/src/graph-builder/graph-core/6-server.js
+++ b/src/graph-builder/graph-core/6-server.js
@@ -170,12 +170,16 @@ class GraphServer extends GraphLoadSave {
     build() {
         const graphName = this.getCurrentGraphName();
         if (!graphName) return;
-        const url = `${EXECUTION_ENGINE_URL}/build/${this.superState.uploadedDirName}`
-            + `?fetch=${graphName}&unlock=${this.superState.unlockCheck}`
-            + `&docker=${this.superState.dockerCheck}`
-            + `&maxtime=${this.superState.maxTime}`
-            + `&params=${this.superState.params}`
-            + `&octave=${this.superState.octave}`;
+        const query = new URLSearchParams({
+            fetch: graphName,
+            unlock: this.superState.unlockCheck,
+            docker: this.superState.dockerCheck,
+            maxtime: this.superState.maxTime,
+            params: this.superState.params,
+            octave: this.superState.octave,
+        });
+        const url = `${EXECUTION_ENGINE_URL}/build/${encodeURIComponent(this.superState.uploadedDirName)}`
+            + `?${query.toString()}`;
         this.serverAction('post', url, {
             built: false, ran: true, debugged: true, cleared: false, stopped: false, destroyed: true,
         }, (res) => {
@@ -186,7 +190,7 @@ class GraphServer extends GraphLoadSave {
     debug() {
         const graphName = this.getCurrentGraphName();
         if (!graphName) return;
-        const url = `${EXECUTION_ENGINE_URL}/debug/${graphName}`;
+        const url = `${EXECUTION_ENGINE_URL}/debug/${encodeURIComponent(graphName)}`;
         this.serverAction('post', url, {
             built: false, ran: false, debugged: false, cleared: true, stopped: true, destroyed: true,
         });
@@ -195,7 +199,7 @@ class GraphServer extends GraphLoadSave {
     run() {
         const graphName = this.getCurrentGraphName();
         if (!graphName) return;
-        const url = `${EXECUTION_ENGINE_URL}/run/${graphName}`;
+        const url = `${EXECUTION_ENGINE_URL}/run/${encodeURIComponent(graphName)}`;
         this.serverAction('post', url, {
             built: false, ran: false, debugged: false, cleared: true, stopped: true, destroyed: true,
         });
@@ -204,10 +208,13 @@ class GraphServer extends GraphLoadSave {
     clear() {
         const graphName = this.getCurrentGraphName();
         if (!graphName) return;
-        const url = `${EXECUTION_ENGINE_URL}/clear/${graphName}`
-            + `?unlock=${this.superState.unlockCheck}`
-            + `&maxtime=${this.superState.maxTime}`
-            + `&params=${this.superState.params}`;
+        const query = new URLSearchParams({
+            unlock: this.superState.unlockCheck,
+            maxtime: this.superState.maxTime,
+            params: this.superState.params,
+        });
+        const url = `${EXECUTION_ENGINE_URL}/clear/${encodeURIComponent(graphName)}`
+            + `?${query.toString()}`;
         this.serverAction('post', url, {
             built: false, ran: true, debugged: true, cleared: false, stopped: true, destroyed: true,
         });
@@ -216,7 +223,7 @@ class GraphServer extends GraphLoadSave {
     stop() {
         const graphName = this.getCurrentGraphName();
         if (!graphName) return;
-        const url = `${EXECUTION_ENGINE_URL}/stop/${graphName}`;
+        const url = `${EXECUTION_ENGINE_URL}/stop/${encodeURIComponent(graphName)}`;
         this.serverAction('post', url, {
             built: false, ran: false, debugged: false, cleared: true, stopped: false, destroyed: true,
         });
@@ -225,15 +232,19 @@ class GraphServer extends GraphLoadSave {
     destroy() {
         const graphName = this.getCurrentGraphName();
         if (!graphName) return;
-        const url = `${EXECUTION_ENGINE_URL}/destroy/${graphName}`;
+        const url = `${EXECUTION_ENGINE_URL}/destroy/${encodeURIComponent(graphName)}`;
         this.serverAction('delete', url, {
             built: true, ran: false, debugged: false, cleared: false, stopped: false, destroyed: false,
         });
     }
 
     library(fileName) {
-        const url = `${EXECUTION_ENGINE_URL}/library/${this.superState.uploadedDirName}`
-            + `?filename=${fileName}&path=${this.superState.library}`;
+        const query = new URLSearchParams({
+            filename: fileName,
+            path: this.superState.library,
+        });
+        const url = `${EXECUTION_ENGINE_URL}/library/${encodeURIComponent(this.superState.uploadedDirName)}`
+            + `?${query.toString()}`;
         this.serverAction('post', url, null);
     }
 

From b960ed30cb44b3c10b749ca4b9d212a006f3a388 Mon Sep 17 00:00:00 2001
From: Titas-Ghosh <titas.ghosh7@gmail.com>
Date: Mon, 23 Feb 2026 04:45:12 +0530
Subject: [PATCH 2/3] Remove invalid eslint directives in server actions file

---
 src/graph-builder/graph-core/6-server.js | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/graph-builder/graph-core/6-server.js b/src/graph-builder/graph-core/6-server.js
index de47a65..e3fc1d3 100644
--- a/src/graph-builder/graph-core/6-server.js
+++ b/src/graph-builder/graph-core/6-server.js
@@ -51,7 +51,6 @@ class GraphServer extends GraphLoadSave {
     //             this.setGraphML(graphXML);
     //         });
     //     } else {
-    //         // eslint-disable-next-line no-toast.success
     //         toast.success('Not on server');
     //     }
     // }
@@ -65,7 +64,6 @@ class GraphServer extends GraphLoadSave {
 
     //         });
     //     } else {
-    //         // eslint-disable-next-line no-toast.success
     //         toast.success('Not on server');
     //     }
     // }
@@ -119,7 +117,6 @@ class GraphServer extends GraphLoadSave {
                 toast.error(err.response?.data?.message || err.message);
             });
         } else {
-            // eslint-disable-next-line no-toast.success
             toast.success('Not on server');
         }
     }
@@ -133,7 +130,6 @@ class GraphServer extends GraphLoadSave {
 
             });
         } else {
-            // eslint-disable-next-line no-toast.success
             toast.success('Not on server');
         }
     }

From 6dbec72361016d97922267539fc381f0a66a2770 Mon Sep 17 00:00:00 2001
From: Titas-Ghosh <titas.ghosh7@gmail.com>
Date: Mon, 23 Feb 2026 05:33:08 +0530
Subject: [PATCH 3/3] Fix GraphArea useEffect consistent-return lint issue

---
 src/GraphArea.jsx | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/GraphArea.jsx b/src/GraphArea.jsx
index ccc6aee..f855635 100644
--- a/src/GraphArea.jsx
+++ b/src/GraphArea.jsx
@@ -56,11 +56,12 @@ function Graph({
     }, [active, instance, graphID, dispatcher]);
 
     useEffect(() => {
-        if (!ref.current) return;
-        setContainerDim(ref.current);
         const handleResize = () => setContainerDim(ref.current);
-        window.addEventListener('resize', handleResize);
-        setInstance(initialiseNewGraph());
+        if (ref.current) {
+            setContainerDim(ref.current);
+            window.addEventListener('resize', handleResize);
+            setInstance(initialiseNewGraph());
+        }
         return () => window.removeEventListener('resize', handleResize);
     }, [ref]);