jared 87f878ee6b Fix XSS: escape user_name and created_at in reply DOM injection ...

submitReply() built a replyDiv.innerHTML template literal using
data.user_name (API response) without escaping — an attacker-controlled
display name could inject arbitrary HTML. Fix: wrap all API-sourced
string values in lt.escHtml() within the template.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-28 13:42:27 -04:00

..

advanced-search.js

Accessibility pass: ARIA roles, label associations, CSS class migrations

2026-03-20 20:29:58 -04:00

ascii-banner.js

Accessibility pass: ARIA roles, label associations, CSS class migrations

2026-03-20 20:29:58 -04:00

base.js

feat: complete TDS v1.2 redesign across all views

2026-03-27 19:05:42 -04:00

dashboard.js

fix: deep audit — wire TDS v1.2 components, fix kanban/tabs/bulk/avatar

2026-03-27 19:58:14 -04:00

keyboard-shortcuts.js

Accessibility pass: ARIA roles, label associations, CSS class migrations

2026-03-20 20:29:58 -04:00

markdown.js

Fix bracket buttons rendering below text + UI/security improvements

2026-03-19 22:20:43 -04:00

settings.js

Guard lt.* calls when base.js unavailable to prevent crash

2026-03-17 23:34:59 -04:00

ticket.js

Fix XSS: escape user_name and created_at in reply DOM injection

2026-03-28 13:42:27 -04:00

toast.js

Integrate web_template design system and fix security/quality issues

2026-03-17 23:22:24 -04:00

utils.js

Consolidate showConfirmModal into utils.js, remove duplicate from dashboard.js

2026-03-20 21:44:46 -04:00