refactor(vscode): simplify path sanitization in openOnUnicode command

Author: luxass

vscode/src/commands/open-on-unicode.ts

@@ -1,5 +1,6 @@
 import type { TreeViewNode } from "reactive-vscode";
 import type { UCDTreeItem } from "../composables/useUCDExplorer";
+import { resolveSafePath } from "@ucdjs/path-utils";
 import { executeCommand, useCommand } from "reactive-vscode";
 import { Uri } from "vscode";
 import * as Meta from "../generated/meta";
@@ -19,35 +20,8 @@ export function useOpenOnUnicodeCommand() {
         return;
       }
 
-      // Sanitize path to prevent directory traversal attacks
-      const rawPath = treeViewOrUri.path;
-
-      // Normalize the path and check for traversal attempts
-      // Use a simple approach: split, filter out dangerous segments, rejoin
-      const segments = rawPath.split("/").filter((segment) => {
-        // Block empty segments, current dir refs, and parent dir refs
-        return segment !== "" && segment !== "." && segment !== "..";
-      });
-
-      // If no valid segments remain, block the request
-      if (segments.length === 0) {
-        logger.error("Invalid path provided to openOnUnicode command: path is empty or invalid.");
-        return;
-      }
-
-      // Check if any segment still contains traversal patterns (encoded or otherwise)
-      const hasTraversal = segments.some((segment) => {
-        const decoded = decodeURIComponent(segment);
-        return decoded === ".." || decoded === "." || decoded.includes("../") || decoded.includes("..\\");
-      });
-
-      if (hasTraversal) {
-        logger.error("Invalid path provided to openOnUnicode command: path traversal detected.");
-        return;
-      }
-
-      const sanitizedPath = segments.join("/");
-      executeCommand("vscode.open", Uri.parse(`https://unicode.org/Public/${sanitizedPath}`));
+      const resolvedPath = resolveSafePath("/Public/", treeViewOrUri.path);
+      executeCommand("vscode.open", Uri.parse(`https://unicode.org/${resolvedPath}`));
       return;
     }