Full deployment history for this project.
Merge pull request #35 from mbarbine/copilot/enhance-ui-ux-features Improve responsive workbench UX with auto-fit preview and small-screen overflow hardening
Implement responsive auto-fit and mobile overflow fixes Agent-Logs-Url: https://github.com/mbarbine/platphorm-layout/sessions/f8400f47-e6ef-469f-bb68-8be23d31f616 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Plan responsive UX enhancements Agent-Logs-Url: https://github.com/mbarbine/platphorm-layout/sessions/f8400f47-e6ef-469f-bb68-8be23d31f616 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #34 from mbarbine/copilot/build-phase-2-layout
Merge pull request #34 from mbarbine/copilot/build-phase-2-layout Phase 2 layout surface expansion: add audit flows, template detail routes, spec export, and MCP/API parity
Add audit/template routes and expand API-MCP layout capabilities Agent-Logs-Url: https://github.com/mbarbine/platphorm-layout/sessions/99d7dcaf-8fb1-4334-a64a-5d1538b0dcd3 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Plan Phase 2 gap fixes Agent-Logs-Url: https://github.com/mbarbine/platphorm-layout/sessions/99d7dcaf-8fb1-4334-a64a-5d1538b0dcd3 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix Open Redirect & XSS in SearchBar via unvalidated searchHref prop
Merge branch 'main' into sentinel-xss-fix-style-tag-11724258561197862045
🛡️ Sentinel: [HIGH] Fix XSS vulnerability in ChartStyle component Replaced `<` with `\u003c` in dynamically generated CSS string injected via `dangerouslySetInnerHTML` in the `<style>` block in `components/ui/chart.tsx`. This mitigates a potential Cross-Site Scripting (XSS) vulnerability where an attacker could inject `</style><script>alert(1)</script>` if they had control over the chart configuration. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix XSS vulnerability in chart styles 🚨 Severity: HIGH 💡 Vulnerability: The `ChartStyle` component used `dangerouslySetInnerHTML` to inject dynamic CSS without escaping `<` characters. An attacker controlling chart keys or themes could inject `</style><script>alert('XSS')</script>`, closing the style block prematurely and executing arbitrary code. 🎯 Impact: This could lead to a Cross-Site Scripting (XSS) vulnerability, allowing attackers to execute JavaScript in the context of the user's session. 🔧 Fix: Appended `.replace(/</g, "\\u003c")` to the dynamically generated CSS string before it is rendered via `dangerouslySetInnerHTML`, neutralizing any injected HTML tags. ✅ Verification: Ran `pnpm test` and `pnpm build` to ensure no regressions were introduced. Evaluated that legitimate CSS does not use the `<` character, so no functionality is broken. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: Apply security headers in middleware Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #20 from mbarbine/jules-platphorm-network-integration-17414511420714130208 feat: integrate platphorm network and add navigation features