Skip to content

fix: escape admin file page values#136

Open
vagdotdev wants to merge 1 commit into
tscircuit:mainfrom
vagdotdev:bounty/admin-html-escape-5
Open

fix: escape admin file page values#136
vagdotdev wants to merge 1 commit into
tscircuit:mainfrom
vagdotdev:bounty/admin-html-escape-5

Conversation

@vagdotdev

Copy link
Copy Markdown

Summary

  • escape untrusted file paths and metadata in admin file list/details HTML
  • URL-encode generated admin download/static links while preserving the existing safe link shape
  • add a regression for a malicious file path and HTML-looking text content

Validation

  • bun test tests/routes/admin-files-page.test.ts
  • bun test
  • bunx tsc --noEmit
  • bun run format:check
  • bun run build
  • git diff --check

/claim #5

@vagdotdev

Copy link
Copy Markdown
Author

/claim #5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant