58e070461663f4d71ce17eb93b17225b20071371 lrnassar Fri Jun 5 10:12:34 2026 -0700 Expand verboten.lst with 18 more patterns surfaced during Phase C1 dry-run of the remaining 12 RTS sessions: leaked state from other CGIs (hgg_, hglft_, hgta_, hgHub_do_search), additional hgTracks UI state (hgt_, hgt_configGroupTarget, hgt_doJsCommand, hgt_mdbVal/Var, rulerBaseZoom, hgTracksConfigPage), debris (European, source, sessionTable_length), per-db reverse-complement toggle (complement_<db>), gateway-style position-search input (search), Track Search dialog state (ts*), and single-letter hgc track selector (g). Also drop pairs with empty or whitespace-tainted keys in scrub() to defend against future cart-string corruption (caught a stray ' hgsid=...' from a manually-edited 2021 cart row in BRCA1_BRCA2_ENIGMA_hg19). Re-fetch the 2 already-seeded files so the whole corpus uses the final scrub list. refs #32768 diff --git src/hg/utils/rts/verboten.lst src/hg/utils/rts/verboten.lst index d6cdaf83629..ea952721e48 100644 --- src/hg/utils/rts/verboten.lst +++ src/hg/utils/rts/verboten.lst 
@@ -1,113 +1,147 @@ # Cart variables to strip from a curator's session before writing the # Recommended Track Set file under htdocs/data/recTrackSets/. Chris's loader # applies whatever is in the file verbatim to the user's cart (no filtering at # load time), so the scrub burden is entirely here. # # Sections: # 1. Original (pre-file-loader) scrub patterns # 2. View-locking (coords + position variants) # 3. Session-load UI state # 4. Curator-local custom-track references # 5. User display preferences # 6. Form fields that pre-fill UI on other pages # 7. hgTracks excludeVars[] sweep (defense-in-depth for transient form state) # === 1. Original verboten patterns === ^pix ^textSize ^textFont ^hgt.labelWidth ^position ^highlight # === 2. View-locking: coords + position variants === ^c$ ^l$ ^r$ ^t$ ^o$ ^position\. ^lastPosition$ ^oldPosition$ ^virtMode ^lastVirtMode # === 3. Session-load UI state === ^hgS_ ^hgPS_DataTableState$ ^rtsLoad$ ^redirect$ ^topSubmit$ ^goButton$ ^hgsid$ ^_$ # === 4. Curator-local custom-track references (would dangle for other users) === ^ctfile_ # === 5. User display preferences === ^textStyle$ ^leftLabels$ ^centerLabels$ ^guidelines$ ^ideogram$ ^ruler$ ^enableHighlightingDialog$ ^trackControlsOnMain$ ^nextExonArrows$ ^nextItemArrows$ ^exonNumbers$ ^dinkL$ ^dinkR$ ^jsh_pageVertPos$ ^hgt\.baseShow ^hgt\.baseTitle # === 6. Form fields that pre-fill UI on other pages === ^hgFind\.matches ^hubSearchTerms$ ^hubDbFilter$ ^hubSearchButton$ # === 7. 
hgTracks excludeVars[] sweep === ^submit$ ^Submit$ ^dirty$ ^hgt\.reset$ ^hgt\.in[1-3]$ ^hgt\.inBase$ ^hgt\.out[1-4]$ ^hgt\.left[1-3]$ ^hgt\.right[1-3]$ ^hgt\.dink(LL|LR|RL|RR)$ ^hgt\.tui$ ^hgt\.hideAll$ ^hgt\.visAllFromCt$ ^hgt\.psOutput$ ^hideControls$ ^hgt\.toggleRevCmplDisp$ ^hgt\.collapseGroups$ ^hgt\.expandGroups$ ^hgt\.suggest$ ^hgt\.suggestTrack$ ^hgt\.positionInput$ ^hgt\.jump$ ^hgt\.refresh$ ^hgt\.setWidth$ ^hgt\.trackImgOnly$ ^hgt\.ideogramToo$ ^hgt\.trackNameFilter$ ^hgt\.imageV1$ ^hgt_tSearch$ ^hgt_tsPage$ ^hgt_tsAddRow$ ^hgt_tsDelRow$ ^hgt\.contentType$ ^hgt\.internal$ ^dumpTracks$ ^ctTest$ ^sortExp$ ^sortSim$ ^hideTracks$ ^ignoreCookie$ ^myVarShare$ + +# === 8. Phase C1 discovery additions === + +# Debris / artifacts +^European$ +^source$ +^sessionTable_length$ + +# Reverse-complement toggle (per-db family, e.g. complement_hg19) +^complement_ + +# State leaked from curator browsing other CGIs +^hgg_ +^hglft_ +^hgta_ +^hgHub_do_search$ +^hgTracksConfigPage$ + +# Additional hgTracks UI state +^hgt_$ +^hgt_configGroupTarget$ +^hgt_doJsCommand$ +^hgt_mdbVal[12]$ +^hgt_mdbVar[12]$ +^rulerBaseZoom$ + +# Position-search box (gateway-style search input) +^search$ + +# Track Search dialog state (the ts* family) +^ts(CurTab|Descr|Group|IncludePublicHubs|Name|Simple|Type)$ + +# Single-letter transient hgc track selector +^g$
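Review bot: In section 8, `^hgt_$` is anchored at both ends, so it strips only a cart variable named exactly hgt_, while the neighbouring `^hgg_`, `^hglft_` and `^hgta_` entries are open prefixes. If hgt_ is a literal key seen in the dry-run, say so in the "Additional hgTracks UI state" comment. If a prefix was intended, only the explicitly listed hgt_* names are covered, and any other hgt_-prefixed variable reaches the file, which the header comment says the loader applies verbatim with no filtering at load time. The same applies to `^ts(CurTab|Descr|Group|IncludePublicHubs|Name|Simple|Type)$`: the comment calls it "the ts* family" but the pattern enumerates seven names, so a ts variable added later passes through. A short comment on why enumeration was chosen over a prefix there (presumably to avoid matching unrelated ts-prefixed keys) would help whoever extends the list next.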