jeysal (Member) commented Jan 23, 2026

Description

People CSV-imported personally identifiable information into the CMS and were surprised it was visible to the internet.
Wdyt about warning about this here, and then potentially also for other import avenues?
We were also thinking about warning about this in the app UI because people might also enter such data manually, but aren't sure yet if we have a good place. Via import people are probably most likely to carelessly do this without thinking about it.

Testing

  • Look at the UI

@jeysal jeysal requested a review from Nick-Lucas January 23, 2026 12:15

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 2 potential issues.

CMS data is publicly viewable.
<br />
Avoid importing personal data.
</p>
Warning hidden during drag-and-drop file import

High Severity

The public data warning is placed inside the {!isDragging && ...} conditional block, causing it to disappear when users drag files over the interface. Users who import CSV files via drag-and-drop won't see the warning about CMS data being publicly viewable, defeating the PR's core purpose of preventing accidental PII imports.

CMS data is publicly viewable.
<br />
Avoid importing personal data.
</p>
Paste import bypasses public data warning

High Severity

The public data warning only appears in the UI but doesn't cover the paste-to-import functionality. Users can paste CSV data directly into the plugin (handled by the clipboard event listener starting at line 139), which calls processAndImport() and imports data without ever displaying the warning about CMS data being publicly viewable.

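One way to close the gap both review comments describe is to enforce the acknowledgement at the shared import routine, so the file picker, drag-and-drop and paste paths all pass through it. This is an added example, not code from this PR or the plugin: every name except processAndImport is hypothetical, processAndImport is a stand-in supplied by the caller, and the header heuristic and sample CSV are constructed.

```javascript
// Added example, not code from the PR. Every name except processAndImport is
// hypothetical, and processAndImport is only a stand-in passed in by the caller.
const PUBLIC_DATA_NOTICE = "CMS data is publicly viewable. Avoid importing personal data."

// Constructed heuristic: header words that often indicate personal data.
const PII_WORDS = /\b(e ?mail|phone|mobile|address|birthday|dob|ssn|passport)\b/

// Return the CSV header cells that look like personal-data columns.
function findPiiColumns(csvText) {
  const headerLine = csvText.split(/\r?\n/, 1)[0]
  return headerLine
    .split(",")
    .map((cell) => cell.trim().replace(/^"|"$/g, ""))
    .filter((cell) => PII_WORDS.test(cell.toLowerCase().replace(/[^a-z]+/g, " ")))
}

// Wrap the shared import routine so that every entry point (file picker,
// drag-and-drop, paste) must pass through the same acknowledgement check.
function createGuardedImport(processAndImport) {
  return function guardedImport(csvText, { source, acknowledged = false }) {
    const piiColumns = findPiiColumns(csvText)
    if (!acknowledged) {
      // Nothing is imported; the caller shows the notice and retries.
      return { imported: false, source, notice: PUBLIC_DATA_NOTICE, piiColumns }
    }
    processAndImport(csvText)
    return { imported: true, source, piiColumns }
  }
}

// Constructed sample input (not real data).
const sampleCsv = 'Name,"E-mail",phone_number,Title\nAda,ada@example.com,555-0100,Engineer\n'

// Simulate a paste import: first attempt without acknowledgement, then with it.
function demo() {
  const importedPayloads = []
  const guardedImport = createGuardedImport((csv) => importedPayloads.push(csv))
  const first = guardedImport(sampleCsv, { source: "paste" })
  const blockedCount = importedPayloads.length
  const second = guardedImport(sampleCsv, { source: "paste", acknowledged: true })
  return { first, second, blockedCount, importedCount: importedPayloads.length }
}
```

The header heuristic only adds detail to the notice; the gate itself does not depend on it, so a CSV with innocuous column names is still held until the notice is acknowledged.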

@jeysal jeysal force-pushed the personal-data-warning branch from 06d83d6 to b5ce8e0 January 23, 2026 12:21
jeysal (Member, Author) commented Jan 23, 2026

After rebase, Open Development Plugin doesn't load for me anymore, so not sure I did the rebase correctly