Skip to content

fix(stega): add mux video machine fields to default filter denylist#1190

Open
kmelve wants to merge 1 commit into
mainfrom
fix/stega-mux-video-fields
Open

fix(stega): add mux video machine fields to default filter denylist#1190
kmelve wants to merge 1 commit into
mainfrom
fix/stega-mux-video-fields

Conversation

@kmelve
Copy link
Copy Markdown
Member

@kmelve kmelve commented Feb 26, 2026

Summary

  • Add 13 machine-generated fields to the stega filterDefault denylist to prevent stega encoding from breaking rendering and logic in Mux video integrations and image placeholders
  • Fields added: aspect_ratio, aspectRatio, blurHash, thumbHash, encoding_tier, master_access, max_resolution_tier, max_stored_resolution, mp4_support, resolution_tier, upload_id, video_quality, video_resolution
  • None of these are user-editable content, so filtering them has zero impact on visual editing

Context

The Mux video plugin (sanity-plugin-mux-input) stores machine-generated fields from the Mux API verbatim in mux.videoAsset documents. When stega-encoded, these fields break downstream consumers — most critically aspect_ratio/aspectRatio which corrupts CSS aspect-ratio calculations, and various enum/config fields used in conditional logic.

Similarly, blurHash and thumbHash are machine-generated image placeholder hashes (analogous to the already-denylisted lqip) that break when stega characters are injected.

Test plan

  • All 146 filterDefault tests pass (13 new test cases added)
  • Full stega test suite passes (180 tests)

🤖 Generated with Claude Code

@kmelve @claude
fix(stega): add mux video machine fields to default filter denylist
3c44541 
Add 13 machine-generated fields to the stega filterDefault denylist to
prevent encoding invisible characters into values that break rendering
and logic:

- aspect_ratio/aspectRatio: breaks CSS aspect-ratio calculations
- blurHash/thumbHash: machine-generated image placeholder hashes
- encoding_tier, master_access, max_resolution_tier,
  max_stored_resolution, mp4_support, resolution_tier, upload_id,
  video_quality, video_resolution: Mux video API fields

None of these are user-editable content, so filtering them has zero
impact on visual editing functionality.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel Bot commented Feb 26, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
tsdocs-client Ignored Ignored Feb 26, 2026 1:01am

Request Review

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 26, 2026

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 88.1% 3992 / 4531
🔵 Statements 88.1% 3992 / 4531
🔵 Functions 85.67% 317 / 370
🔵 Branches 89.13% 1173 / 1316
File Coverage
File Stmts Branches Functions Lines Uncovered Lines
Changed Files
src/stega/filterDefault.ts 100% 96.87% 100% 100%
Generated in workflow #4073 for commit 3c44541 by the Vitest Coverage Report Action

@kmelve kmelve requested a review from stipsan February 26, 2026 01:02
@kmelve
Copy link
Copy Markdown
Member Author

kmelve commented Feb 26, 2026

I'm not sure if this is the best approach to be honest. But Mux is the main way to use Video through Sanity and not escaping these fields made problems for our preview. I wish there was a way to declare "machine fields" from the backend through CSM.

@kmelve kmelve removed the request for review from stipsan February 26, 2026 01:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kmelve