[Feature] 模组等的更新日志以及 HTMLRenderer 的完善#6098
Conversation
# Conflicts: # HMCL/src/main/resources/assets/lang/I18N.properties # HMCL/src/main/resources/assets/lang/I18N_es.properties # HMCL/src/main/resources/assets/lang/I18N_ja.properties # HMCL/src/main/resources/assets/lang/I18N_lzh.properties # HMCL/src/main/resources/assets/lang/I18N_ru.properties # HMCL/src/main/resources/assets/lang/I18N_uk.properties # HMCL/src/main/resources/assets/lang/I18N_zh.properties # HMCL/src/main/resources/assets/lang/I18N_zh_CN.properties
# Conflicts: # HMCL/src/main/java/org/jackhuang/hmcl/ui/versions/ModUpdatesPage.java
# Conflicts: # HMCL/src/main/java/org/jackhuang/hmcl/ui/versions/DownloadPage.java
# Conflicts: # HMCL/src/main/java/org/jackhuang/hmcl/ui/versions/DownloadPage.java
Minecraft269
left a comment
There was a problem hiding this comment.
🤖 PR 审查报告 — PR #6098
审查模型: DeepSeek V4 (DeepSeek-V4-Pro)
审查维度: 安全漏洞 · 错误处理 · 类型设计 · API 设计
变更规模: 25 文件,+842 / −142 行
具体问题和修复建议已在上方代码行的 inline comment 中标注。以下为汇总。
📊 汇总
| 严重性 | 数量 | 类别 |
|---|---|---|
| 🔴 Critical | 5 | 2 安全 + 3 静默失败 |
| 🟠 Important | 6 | 类型设计 + 健壮性 + 一致性 |
| 🟡 Suggestion | 4 | 代码质量 |
✅ 正面发现
- HTMLRenderer 从旧式 switch 迁移到 switch expression — 代码现代化
- 图像加载同步→异步 — 修复阻塞 UI 的正确方向
- Markdown 支持丰富 (Autolink/Strikethrough/Tables/Ins)
- 链式调用 API (
return this) — 非破坏性流畅接口 - SEMAPHORE 资源管理一致、正确
- 多语言支持周到(含文言文)
核心建议: 优先修复 C1(XSS绕过) + C2(URI方案注入) 两个安全漏洞,以及 C3/C4/C5 三个静默失败。
🤖 Generated with Claude Code | 审查引擎: DeepSeek V4
# Conflicts: # HMCL/src/main/java/org/jackhuang/hmcl/ui/Controllers.java # HMCLCore/build.gradle.kts # gradle/libs.versions.toml
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces support for rendering and displaying addon changelogs in the UI, integrating the CommonMark library to parse Markdown into HTML and extending the HTMLRenderer to support tables, ordered lists, code blocks, and basic inline CSS. It also refactors RemoteMod.Type to RemoteMod.Source and adds changelog fetching to CurseForge and Modrinth repositories. The review feedback highlights a potential IndexOutOfBoundsException in the auto-sizing table height calculation and a potential NullPointerException in the HTML table cell value factory. Additionally, it suggests setting a constrained column resize policy for rendered tables and returning early when processing TextNodes to improve performance.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Glavo
left a comment
There was a problem hiding this comment.
本审查建议由 GPT-5 生成
已将具体审查建议标注在对应代码行。
# Conflicts: # HMCLCore/src/main/java/org/jackhuang/hmcl/mod/curse/CurseForgeRemoteModRepository.java
# Conflicts: # HMCL/src/main/java/org/jackhuang/hmcl/ui/versions/AddonCheckUpdatesTask.java # HMCL/src/main/java/org/jackhuang/hmcl/ui/versions/AddonUpdatesPage.java # HMCL/src/main/java/org/jackhuang/hmcl/ui/versions/DownloadPage.java # HMCL/src/main/resources/assets/lang/I18N.properties # HMCL/src/main/resources/assets/lang/I18N_lzh.properties # HMCL/src/main/resources/assets/lang/I18N_zh.properties # HMCL/src/main/resources/assets/lang/I18N_zh_CN.properties # HMCLCore/src/main/java/org/jackhuang/hmcl/addon/LocalAddonFile.java # HMCLCore/src/main/java/org/jackhuang/hmcl/addon/mod/LocalModFile.java # HMCLCore/src/main/java/org/jackhuang/hmcl/addon/resourcepack/ResourcePackFolder.java # HMCLCore/src/main/java/org/jackhuang/hmcl/addon/resourcepack/ResourcePackZipFile.java # HMCLCore/src/main/java/org/jackhuang/hmcl/mod/RemoteMod.java # HMCLCore/src/main/java/org/jackhuang/hmcl/mod/curse/CurseAddon.java # HMCLCore/src/main/java/org/jackhuang/hmcl/mod/curse/CurseForgeRemoteModRepository.java # HMCLCore/src/main/java/org/jackhuang/hmcl/mod/modrinth/ModrinthRemoteModRepository.java # HMCLCore/src/main/java/org/jackhuang/hmcl/util/Lang.java
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces support for viewing addon changelogs by fetching them from remote repositories (CurseForge and Modrinth) and rendering them as HTML/Markdown using the CommonMark library. It adds a changelog viewer dialog to both the addon updates page and the download page, along with table rendering support in the HTML renderer. The review feedback highlights several issues: a potential NullPointerException in AddonUpdatesPage when retrieving the default cell factory, a performance anti-pattern in HTMLRenderer where UI nodes are instantiated inside CellValueFactory, a readability concern in a loop within HTMLRenderer, and an inaccurate HTML-vs-Markdown detection logic in StringUtils.convertToHtml.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| public static String convertToHtml(String str) { | ||
| if (str == null) return null; | ||
| if (isBlank(str)) return ""; | ||
|
|
||
| /* | ||
| Firstly, we check if the string could be seen as HTML. | ||
|
|
||
| If so, we convert it to HTML document, then re-print it to a string to normalize spaces | ||
| (otherwise the parser may parse the HTML code as code blocks, which is not intended). | ||
| This will (hopefully) not break Markdown formats. | ||
|
|
||
| If not, we assume that the string is pure Markdown. | ||
| */ | ||
| String either = Jsoup.isValid(str, all) | ||
| ? Jsoup.parse(str).outputSettings(new Document.OutputSettings().prettyPrint(false)).body().html() | ||
| : str; | ||
|
|
||
| return HTML_RENDERER.render(MD_PARSER.parse(either)); | ||
| } |
There was a problem hiding this comment.
使用 Jsoup.isValid(str, all) 来判断输入是 HTML 还是 Markdown 是不准确的。
因为任何不包含任何 HTML 标签的纯文本或纯 Markdown 字符串(例如 This is **bold** text)在 Jsoup.isValid 中都会被判定为 true(因为它不包含任何不允许的标签)。这会导致纯 Markdown 文本也走入 HTML 的解析分支,从而可能导致一些特殊字符(如 <)被错误地转义或破坏。
此外,如果输入已经是 HTML,将其再次传入 Markdown 解析器 MD_PARSER 是多余且低效的,甚至可能导致 HTML 内部的文本被错误地解析为 Markdown 语法。
建议使用更健壮的方法来区分 HTML 和 Markdown:使用 Jsoup 解析字符串,并检查其 body 是否包含任何子元素(HTML 标签)。如果是 HTML,则直接返回清理后的 HTML;如果是 Markdown,则仅使用 MD_PARSER 进行解析。
public static String convertToHtml(String str) {
if (str == null) return null;
if (isBlank(str)) return "";
Document doc = Jsoup.parse(str);
// 如果 body 中包含任何 HTML 元素,则视为 HTML
if (!doc.body().children().isEmpty()) {
return doc.outputSettings(new Document.OutputSettings().prettyPrint(false)).body().html();
}
// 否则视为纯 Markdown
return HTML_RENDERER.render(MD_PARSER.parse(str));
}There was a problem hiding this comment.
@Glavo CC
没太想好怎么处理这一堆东西,目前这坨逻辑用起来似乎没啥问题
难点在虽然 MD 渲染器能识别HTML,但根据 MD 规范,由至少四个空格开头的行会被识别为代码块,而JEI的更新日志是HTML格式且每行都有至少4个空格作为开头,导致MD渲染器无法正常渲染。所以只能出此下策,parse一遍再不加空格地转回来,从而识别这种难搞的玩意。
# Conflicts: # HMCL/src/main/resources/assets/about/deps.json
Minecraft269
left a comment
There was a problem hiding this comment.
审查:convertToHtml 及关联代码
以下是针对 StringUtils.convertToHtml() 和相关文件的审查建议。总体来看功能实现正确,核心的 JEI HTML 缩进→代码块问题处理思路是合理的,但有几处可以改进。
审查重点
🔴 高优先级 — 逻辑/正确性问题
🟠 中优先级 — 代码质量/可维护性
🟡 低优先级 — 风格/注释
已验证没问题的 Gemini 建议
以下之前 AI 提出的建议经你驳回后确认无误:CSS image-pattern() 注入、isWhitespace() Unicode 覆盖、Modrinth projectType 重定向、#text+img 检测逻辑(Gemini 确实把逻辑理解反了)。
添加了下载模组、数据包等以及更新模组时显示更新日志的功能
Resolves #4685
具体变化:
HTMLRenderer的优化与完善,以及对 Markdown 的支持(引入了新依赖)TODO: