Cannot create new request - previous XSS request test has broken the database #1641

Closed
wildhart opened this issue Nov 18, 2024 · 6 comments
Labels
bug Something isn't working Priority Implement this asap

Comments

@wildhart

Describe the bug
I was doing some testing of XSS attack handling, with requests like:

GET http://localhost:3000/admin/visitors?go=<%00script>alert(219);</script>
GET https://[mydomain]/admin/visitors?<<<<<<<<<foo"bar'314>>>>=1

Now when I click the "New Request" button, the window opens up like this:

image

There are two blocks of text taking up most of the screen which I cannot get rid of, and there is no UI to configure the new request.

Interestingly the two blocks of text are split by the 2nd example request above, with the left-hand panel ending with /admin/visitors?<<<<<<<<< and the right-hand panel starting with >>>>=1

I suspect that the request admin/visitors?<<<<<<<<<foo"bar'314>>>>=1 is breaking the typeahead search box in the "New Request" window.

Things I've tried:

  • If I switch to a different workspace/folder it works OK, but if I switch back to this workspace it's still broken.
  • Deleting the folder's .vscode and thunder-tests folders doesn't work.
  • I do not have a thunder-client subfolder within %APPDATA%\Code\User\globalStorage - so I can't delete that.

However, if I delete either of storage.json or state.vscdb from the globalStorage folder then it works - but that also wipes lots of other settings across all my workspaces, so I'm reluctant to do that.

  • I've tried opening the state.vscdb file in a SQLite editor and deleting any key which contains "thunder". Then when I reopen VSCode I have to sign back into ThunderClient, but then I still get the same bug.

Where are these previous request URLs stored? How can I fix this without losing all my VS Code settings for all my workspaces?

Platform:

  • OS: Windows
  • vscode version: 1.95.3
  • node version:
  • extension version: 2.29.12

Are you using the free version/paid version/trial:

Paid subscription.

@wildhart wildhart added the bug Something isn't working label Nov 18, 2024
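
An added illustration, not code from Thunder Client or from this thread: assuming the autocomplete list is built by interpolating stored URLs into HTML (the thread does not say how it is built), this JavaScript renders the reported URLs with and without output escaping and counts how many list items stay well-formed. `savedUrls`, `renderUnsafe`, `renderSafe`, `escapeHtml` and `wellFormedItems` are hypothetical names.

```javascript
// Constructed autocomplete history. The last two URLs are the ones quoted in
// the report above; the first is the harmless URL from a later comment.
const savedUrls = [
  "https://thunderclient.com/welcome2",
  "http://localhost:3000/admin/visitors?go=<%00script>alert(219);</script>",
  "https://[mydomain]/admin/visitors?<<<<<<<<<foo\"bar'314>>>>=1",
];

// Hypothetical renderer (assumption): stored URLs go into markup verbatim.
function renderUnsafe(urls) {
  return "<ul>" + urls.map((u) => `<li data-url="${u}">${u}</li>`).join("") + "</ul>";
}

// Escape the five characters that are significant in HTML text and in
// quoted attribute values.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Same renderer, but every stored value is escaped at the point of output.
function renderSafe(urls) {
  const items = urls.map((u) => {
    const e = escapeHtml(u);
    return `<li data-url="${e}">${e}</li>`;
  });
  return "<ul>" + items.join("") + "</ul>";
}

// Count list items whose attribute and text contain no raw quote or angle
// bracket, i.e. items a browser would parse as exactly one <li>.
function wellFormedItems(html) {
  const matches = html.match(/<li data-url="[^"<>]*">[^<>]*<\/li>/g);
  return matches ? matches.length : 0;
}

console.log("unsafe:", wellFormedItems(renderUnsafe(savedUrls)), "of", savedUrls.length);
console.log("safe:  ", wellFormedItems(renderSafe(savedUrls)), "of", savedUrls.length);
```

Escaping at output time leaves the stored history untouched, so the same entries remain usable as request URLs.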
@rangav
Collaborator

rangav commented Nov 18, 2024

Thanks @wildhart for reporting the bug, will fix it asap.

@rangav rangav added the Priority Implement this asap label Nov 18, 2024
@rangav
Collaborator

rangav commented Nov 18, 2024

You can delete that request until the issue is fixed.
If the UI is not working, alternatively you can delete the request from the JSON file.

@wildhart
Author

wildhart commented Nov 18, 2024

Delete the request from where? I have already explained that deleting the thunder-tests folder from this workspace doesn't help. All my saved requests and environments are gone, but creating a new request still has this same bug.

I can demonstrate this in another workspace which isn't broken. If I make a request to https://thunderclient.com/welcome2:

image

Then quit VS Code, and delete this request from the thunderActivity.json file:

image

Then the request still appears in this auto-complete box:

image

Where is the data for this auto-complete box stored? It's not anywhere in the thunder-tests folder.

@rangav
Collaborator

rangav commented Nov 18, 2024

You can clear autocomplete history using the below option

Screenshot 2024-11-18 at 18 01 10

@wildhart
Author

That works, thank you!

@rangav
Collaborator

rangav commented Dec 28, 2024

This bug is fixed in v2.33.2, please test and let me know feedback.

@rangav rangav closed this as completed Dec 28, 2024