The previous implementation only escaped single quotes, which could allow
backslashes in file paths to break out of the JavaScript string context.
Now we escape backslashes first (\ -> \\), then single quotes (' -> \'),
preventing potential security issues.
Fixes CodeQL alert #26 for incomplete string escaping.
Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com>
- Remove SearchableRecipe interface that conflicted with SearchableItem
- Use proper type casting for search results
- Fix FuzzySearch generic type usage
- Add Monaspace Argon NF font for dev icons
- Update cookbook.yml with unicode codepoints for language icons:
- TypeScript: \uE628
- Python: \uE73C
- C#/.NET: \uF81A
- Go: \uE626
- Style .lang-tab and .lang-indicator with Nerd Font family
Integrates the cookbook/ folder into the website's Samples page:
Data Structure:
- Add cookbook/cookbook.yml manifest defining cookbooks and recipes
- Add .schemas/cookbook.schema.json for validation
- Add COOKBOOK_DIR constant to eng/constants.mjs
Build Integration:
- Add generateSamplesData() to generate samples.json from cookbook.yml
- Include recipe variants with file paths for each language
- Add samples count to manifest.json
Website UI:
- Create samples.ts with FuzzySearch, language/tag filtering
- Replace placeholder samples.astro with functional recipe browser
- Recipe cards with language indicators and action buttons
- Language tabs for switching between implementations
- View Recipe/View Example buttons open modal
- GitHub link for each recipe
Features:
- Search recipes by name/description
- Filter by programming language (Node.js, Python, .NET, Go)
- Filter by tags (multi-select with Choices.js)
- 5 recipes across 4 languages = 20 recipe variants
- Change primary buttons from gradient to solid Copilot Purple (#8534F3)
- Add position:relative and z-index:10 to .filters-bar to fix
Choices.js dropdown appearing behind resource list items
- Remove separate hero-stats section
- Add card-count element to each resource card
- Update JS to populate counts from manifest
- Add card-with-count CSS for layout with count badge
- Reduces vertical space on home page
Add a new skill that analyzes Terraform plan JSON output for AzureRM Provider
to distinguish between false-positive diffs (order-only changes in Set-type
attributes) and actual resource changes.
This skill helps users identify 'noise' in terraform plan output caused by
Azure API returning Set elements in different order, making plan reviews
easier and reducing confusion in CI/CD pipelines.
Bundled assets:
- references/azurerm_set_attributes.json
- references/azurerm_set_attributes.md
- scripts/analyze_plan.py
