docs(wiki-htmlguard-doctrine-v1): +section HTMLGUARD Doctrine dans wiki cyber-tips-library - documente cause racine universelle fetch session expire LOGIN HTML json throw silently ecran blanc - pattern HTMLGUARD_V1 code template pour copier coller - tableau pages patchees cette session (admin+tasks+archi+dmaic) + pages deja protegees (master+orch+wevcode+ops) + candidats future - regle or tout fichier admin fetch API PHP DOIT avoir HTMLGUARD - GOLD wiki_htmlguard preserve - doctrine zero ecran blanc UX premium complement KPI Sources Reference V107 + Session Recap V108
Some checks failed
WEVAL NonReg / nonreg (push) Has been cancelled
Some checks failed
WEVAL NonReg / nonreg (push) Has been cancelled
This commit is contained in:
opus
@@ -463,3 +463,75 @@ OK github_pat_valid: PASS
|
||||
- ✅ Reconcile multi-Claude cascade autosyncs (V113/V114/V115/V116/V119/V130/V9.66/V9.67/V9.68)
|
||||
|
||||
---
|
||||
|
||||
|
||||
---
|
||||
|
||||
## HTMLGUARD Doctrine · <!-- HTMLGUARD-DOCTRINE-V1 · 2026-04-21 --> 2026-04-21 12:27
|
||||
|
||||
**Doctrine** : "ZERO ecran blanc UX" — toute page admin qui utilise fetch() vers API PHP avec session auth DOIT avoir HTMLGUARD pattern pour eviter crash silencieux quand session expire.
|
||||
|
||||
### Cause racine universelle
|
||||
|
||||
Pattern vulnerable type :
|
||||
```javascript
|
||||
const A = p => fetch('/api/endpoint.php?' + p).then(r => r.json());
|
||||
// Si session expire, l API retourne LOGIN HTML (pas 401, status 200)
|
||||
// r.json() throw SyntaxError silently — UI reste vide
|
||||
```
|
||||
|
||||
### Pattern HTMLGUARD_V1 (standard)
|
||||
|
||||
Applique a wevia-admin.php + tasks-live-opus5.html + architecture-live.html + dmaic-workbench.html :
|
||||
|
||||
```javascript
|
||||
window._safeJsonGuard = async function(r) {
|
||||
const t = (await r.text()).trim();
|
||||
if (t.startsWith('<!DOCTYPE') || t.startsWith('<html')) {
|
||||
if ((t.indexOf('Login') > -1 || t.indexOf('login') > -1) && !window._sessionExpiredWarned) {
|
||||
window._sessionExpiredWarned = true;
|
||||
// Banner orange top fixed avec lien reconnexion
|
||||
const banner = document.createElement('div');
|
||||
banner.style.cssText = 'position:fixed;top:0;...;background:#f59e0b;...';
|
||||
banner.innerHTML = 'Session expiree · <a href="'+window.location.pathname+'">Se reconnecter</a>';
|
||||
document.body.appendChild(banner);
|
||||
}
|
||||
return {error: 'html_response', isHtmlError: true, status: r.status};
|
||||
}
|
||||
try { return JSON.parse(t); }
|
||||
catch(e) { return {error: 'json_parse: ' + e.message, raw: t.substring(0, 200)}; }
|
||||
};
|
||||
```
|
||||
|
||||
### Pages patchees cette session
|
||||
|
||||
| Page | Markers | Session |
|
||||
|---|---|---|
|
||||
| wevia-ia/wevia-admin.php | HTMLGUARD_V1_ADMIN | Cmdt 048110e2f |
|
||||
| tasks-live-opus5.html | HTMLGUARD_V1_TASKS | Cmdt 1331d6006 (autosync) |
|
||||
| architecture-live.html | HTMLGUARD_V1_ARCHI | Cmdt 1331d6006 |
|
||||
| dmaic-workbench.html | HTMLGUARD_V1_DMAIC | Cmdt 1331d6006 |
|
||||
|
||||
### Pages deja proteges
|
||||
|
||||
| Page | Pattern |
|
||||
|---|---|
|
||||
| wevia-master.html | HTML_GUARD_V2_BATCH (3 instances) |
|
||||
| wevia-orchestrator.html | HTML_GUARD_V2_BATCH (2 instances) |
|
||||
| wevcode.html | WEVCODE_HTML_GUARD_V1 |
|
||||
| ops-center.html | PARSE_HTML_GUARD_V1 (avec detection 502/503/504/404) |
|
||||
|
||||
### Candidats future patch (si session issues)
|
||||
|
||||
- v63-send-queue.html (200 public, pas critique)
|
||||
- email-hub.html (200 public)
|
||||
- namecheap-hub.html (200 public)
|
||||
- blade-hub.html (200 public)
|
||||
- wevads-ia/index.html (200 public)
|
||||
- business-kpi-dashboard.php / products-kpi-dashboard.php (fetch count = 0, pas vulnerable)
|
||||
|
||||
### Regle d or
|
||||
|
||||
Tout fichier admin .php/.html qui call `/api/*.php` avec `.then(r=>r.json())` **DOIT** avoir HTMLGUARD, sinon session expire = ecran blanc = UX catastrophique.
|
||||
|
||||
---
|
||||
|
||||
Reference in New Issue
Block a user