Make version information consistent across update interfaces

[Arcitec]

The duplication of logic and the formatting differences between the "OTA Updates" and "Security & Updates" pages made it very difficult to find the exact version details.

With this change, both update-pages now share the same consistent and detailed formatting, making it easy for users to identify which exact version and binary of WLED they've installed.

The version format has also been improved to make it much easier to understand.

---

OTA Update Page (only reachable via Info -> OTA Update):

Before:

After:

Security & Updates Page:

Before (doesn't say anything useful):

After:

---

The new format is easier for users to understand, and only adds 10 characters. Most builds hover around 75 characters total, and I've verified that the 128 byte buffer would fit extremely long WLED_RELEASE_NAME names. Much, much longer than any person would ever use. :)

With these changes, it's finally easy to find the vital information about the installed build. I didn't even know that it was possible to find it in the UI until I started digging around in the code and found that it was hiding on the well-hidden OTA page, hehe. It makes sense to have it on the Security & Updates page too.

I also fixed the braces of two functions that weren't consistent with the coding style of the rest of that file.

Summary by CodeRabbit

• New Features
  • Improved version display across the app. The About and Update pages now show “Installed version: WLED ” for clarity.
  • Added a richer version details section that includes the version, build number, release name, and processor model, presented consistently across relevant UI sections.
  • Replaced a previous generic server error line in the About section with the installed version information for a more informative and user-friendly experience.

[coderabbitai]

Walkthrough

Replaced UI text to show "Installed version: WLED ##VERSION##" in two HTML pages. Added C++ helper fillWLEDVersion(char*, size_t) that produces an HTML-ready version string (version, build, release, processor) and replaced inline snprintf usage in settings-generation paths with this helper.

Changes

Cohort / File(s)	Summary
UI text updates wled00/data/settings_sec.htm, wled00/data/update.htm	Updated displayed installed version text to include the "WLED " prefix: "Installed version: WLED ##VERSION##". No logic changes.
Version formatting helper and integration wled00/xml.cpp	Added void fillWLEDVersion(char *buf, size_t len) to build an HTML-safe version string (version, numeric build, quoted release, processor model) and replaced prior inline snprintf formatting in settings-generation (including SUBPAGE_UPDATE) to use this helper; minor brace-formatting change in appendGPIOinfo.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Revert disable OTA logic & optional Arduino OTA #4748 — Modifies settings-generation logic near the same getSettingsJS / SUBPAGE_UPDATE code paths; likely related to version/OTA UI handling.

Suggested reviewers

• willmmiles
• rapek412-prog

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 1364c2f and 7865985.

📒 Files selected for processing (3)

• wled00/data/settings_sec.htm (1 hunks)
• wled00/data/update.htm (1 hunks)
• wled00/xml.cpp (5 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• wled00/data/settings_sec.htm
• wled00/data/update.htm
• wled00/xml.cpp

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: wled_build / Build Environments (usermods)
• GitHub Check: wled_build / Build Environments (esp32s3dev_8MB_opi)

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

wled00/xml.cpp (3)

40-55: Prefer HTML entities over JS string escaping for quotes.

Minor readability nit: instead of embedding escaped quotes (\"%s\"), render quotes using HTML entities. This avoids reliance on JS string escaping semantics and is clearer to future maintainers.

Apply this diff:

-  snprintf_P(buf,len,PSTR("WLED %s (%d)<br>\\\"%s\\\"<br>(Processor: %s)"),
+  snprintf_P(buf,len,PSTR("WLED %s (%d)<br>&quot;%s&quot;<br>(Processor: %s)"),

---

40-55: Consider HTML-escaping releaseString to prevent markup injection.

releaseString is compile-time controlled, but it can still contain characters like <, >, &, or quotes. Since the string is inserted as innerHTML, escaping releaseString reduces the risk of unintended markup rendering.

If you prefer, I can provide a lightweight helper that escapes &, <, >, " before formatting the version string.

---

40-55: ESP8266 vs ESP8285 identification.

For ESP8266 builds that run on ESP8285, the processor label will still read "ESP8266". If you want to be precise, you could detect 8285 specifically (optional).

Would you like a small helper that detects 8285 on ESP8266 cores?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 7285efe and 1364c2f.

📒 Files selected for processing (3)

• wled00/data/settings_sec.htm (1 hunks)
• wled00/data/update.htm (1 hunks)
• wled00/xml.cpp (4 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: wled_build / Build Environments (usermods)
• GitHub Check: wled_build / Build Environments (lolin_s2_mini)
• GitHub Check: wled_build / Build Environments (esp32_wrover)
• GitHub Check: wled_build / Build Environments (esp32s3_4M_qspi)
• GitHub Check: wled_build / Build Environments (esp32c3dev)
• GitHub Check: wled_build / Build Environments (esp32s3dev_8MB_opi)
• GitHub Check: wled_build / Build Environments (esp32_eth)
• GitHub Check: wled_build / Build Environments (esp01_1m_full_compat)
• GitHub Check: wled_build / Build Environments (esp01_1m_full_160)
• GitHub Check: wled_build / Build Environments (esp32s3dev_16MB_opi)
• GitHub Check: wled_build / Build Environments (esp32dev)
• GitHub Check: wled_build / Build Environments (nodemcuv2)
• GitHub Check: wled_build / Build Environments (esp01_1m_full)
• GitHub Check: wled_build / Build Environments (esp8266_2m)

🔇 Additional comments (6)

wled00/data/settings_sec.htm (1)

79-79: Consistent installed version display added (matches OTA page).

Good addition. The static placeholder degrades gracefully if JS injection fails, and the shared "sip" target enables consistent dynamic content via getSettingsJS.

wled00/data/update.htm (1)

30-30: Aligned the installed version label with Security & Updates.

Looks good. Keeping the static "WLED ##VERSION##" ensures a fallback before JS populates the detailed string.

wled00/xml.cpp (4)

40-55: New helper centralizes detailed version formatting across pages.

Nice encapsulation. Using snprintf_P prevents overflow and the function cleanly supports both ESP32 and ESP8266 variants.

---

91-92: NFC: Brace style change.

Moving the opening brace to a new line is fine and consistent with nearby code style.

---

614-616: Index 0 confirmed as the only “sip” element
Verified a single <span class="sip"> in wled00/data/settings_sec.htm, so targeting index 0 is correct. Approving code changes.

---

676-677: Verification of version formatter consistency

• Confirmed exactly one class="sip" occurrence in wled00/data/update.htm (line 30).
• Unable to locate the printSetClassElementHTML definition or any innerHTML usage in wled00/xml.cpp. Please manually verify that this function safely escapes tmp_buf when injecting it into the page (via innerHTML or equivalent).

Updated quick checks for your convenience:

rg -nP 'class\s*=\s*["\']sip["\']' -n -C2 wled00/data/update.htm
rg -nR 'printSetClassElementHTML' -n -C3 wled00/xml.cpp

[Arcitec]

Regarding coderabbit's nitpicks about HTML escaping: I certainly wish that printSetClassElementHTML() did escaping of HTML characters when it outputs strings into HTML, but it's pointless and costly to do that processing on a weak CPU where LED effects are more important. It would also waste RAM by having to make a new string buffer for the converted string. So I escape quotes manually via \" which is a quick and easy 2-byte solution. Ignore the silly rabbit.

[netmindz]

Nice improvement

[Arcitec]

@netmindz Oh I see you added it to 0.15.2. I'll contribute a PR for that too since I already have a backport locally.

Edit: #4849