LotusGuild/tinker_tickets
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e2c23d0405c0bce486d48fadb89f871091de6cf0
tinker_tickets/assets
T
History
jared e2c23d0405 Fix XSS: escape userName in reply form insertAdjacentHTML template 
showReplyForm() read userName from data-user attribute (decoded by
the browser from HTML entities) and injected it unsanitized into
insertAdjacentHTML() — any HTML special chars would be parsed as markup.
Fix: wrap with lt.escHtml() before interpolation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 13:38:30 -04:00
..
css
Fix header overlap, is-hidden missing globally, and CreateTicketView CSS
2026-03-28 13:30:00 -04:00
images
Added rest of files, first commit from code server
2024-12-01 21:38:48 -05:00
js
Fix XSS: escape userName in reply form insertAdjacentHTML template
2026-03-28 13:38:30 -04:00