Full deployment history for this project.
Merge pull request #42 from mbarbine/copilot/consolidate-pull-requests Consolidate all open PR heads into a single merge candidate branch for `main`
Merge remote-tracking branch 'origin/palette-active-nav-links-4020450770784389131' into copilot/consolidate-pull-requests Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Add active state highlighting to navigation links
fix: Prevent XSS in JSON-LD rendering Escapes the `<` character when outputting JSON-LD via `dangerouslySetInnerHTML` to prevent potential Cross-Site Scripting (XSS) via injected `</script>` tags.
feat: add active navigation states to header Implement active navigation link states in the Header component using `usePathname`. Uses exact path matching for root routes and prefix matching for sub-routes. Applies semantic `aria-current="page"` and CSS visual distinctions.
Fix XSS vulnerability in JSON-LD rendering Replaced `<` with `\u003c` in all occurrences of `JSON.stringify` used within `dangerouslySetInnerHTML` for `<script>` tags to prevent Cross-Site Scripting (XSS).
🎨 Palette: Add active navigation state highlighting Added visual and semantic active state indicators to both desktop and mobile navigation links in the header. What: Implemented exact path matching for root routes and prefix matching for sub-routes to accurately determine the active page. Applied visual CSS changes (text colors) and semantic `aria-current="page"` attributes to the active navigation links. Why: Previously, users lacked visual cues indicating their current location within the site hierarchy from the main navigation. This change improves orientation and wayfinding. Before/After: Links now visibly highlight (e.g., matching the primary color or foreground color) when their corresponding route or sub-route is active. Accessibility: Added the `aria-current="page"` attribute, ensuring screen readers announce the active state of navigation links to visually impaired users.
🛡️ Sentinel: [HIGH] Fix XSS Vulnerability in JSON-LD Rendering Fixes a Cross-Site Scripting (XSS) vulnerability in `components/json-ld.tsx` where `JSON.stringify` output was passed directly to `dangerouslySetInnerHTML`. Attackers could potentially inject a closing `</script>` tag followed by malicious JavaScript if any of the dynamic data (like product names or descriptions) contained un-sanitized user input. Escaped the `<` character to `\u003c` in the stringified JSON outputs, preserving valid JSON syntax while preventing HTML parser exploitation.
🎨 Palette: Add active navigation state indication Adds active visual styling and aria-current="page" to header navigation links for better accessibility and UX.
🎨 Palette: Add active navigation state highlighting
Fix XSS vulnerability in JSON-LD serialization
🛡️ Sentinel: [HIGH] Fix XSS vulnerability in JSON-LD - Replaced `dangerouslySetInnerHTML={{ __html: JSON.stringify(...) }}` with `dangerouslySetInnerHTML={{ __html: JSON.stringify(...).replace(/</g, '\\u003c') }}` in 4 places inside `components/json-ld.tsx`. - Prevents potential Cross-Site Scripting (XSS) via breaking out of `<script>` tags.
Fix XSS vulnerability in JSON-LD rendering Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Cache unique categories derivation Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Fix XSS vulnerability in JSON-LD injection In components/json-ld.tsx, the `JSON.stringify` output used with `dangerouslySetInnerHTML` inside `<script>` tags was unescaped. This allows potential XSS if user input contains the string `</script>`. Added `.replace(/</g, '\\u003c')` to escape angle brackets properly to neutralize this vulnerability. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Add active state to navigation links This commit improves the UX and accessibility of the main navigation by introducing an active state for the current page link. It adds an `isLinkActive` helper function to `components/header.tsx` that performs exact path matching for the root route (e.g., `/[lang]`) and prefix matching for sub-routes (e.g., `/[lang]/shop`). Active links are now visually distinguished using Tailwind text classes and semantically marked with the `aria-current="page"` attribute for screen readers. This pattern is documented in the `.Jules/palette.md` journal. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
fix: prevent XSS in JSON-LD rendering Safely serialize JSON in components/json-ld.tsx by replacing `<` with `\u003c` before passing it to `dangerouslySetInnerHTML`. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat(ux): add active state visual highlighting and aria-current to navigation Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix XSS Vulnerability in JSON-LD Scripts Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Add active navigation state and aria-current - Added visual active states for desktop and mobile global navigation using `usePathname`. - Added `aria-current="page"` to active links to improve screen reader context. - Logged the learning in `.Jules/palette.md`. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Add active navigation state and aria-current - Added visual active states for desktop and mobile global navigation using `usePathname`. - Added `aria-current="page"` to active links to improve screen reader context. - Logged the learning in `.Jules/palette.md`. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #10 from mbarbine/palette-ux-shop-filters-402054651375332491 🎨 Palette: Improve accessibility of shop filters and product count
Merge pull request #8 from mbarbine/sentinel-fix-etsy-sync-auth-740332298146167863 🛡️ Sentinel: [CRITICAL] Add authentication to admin endpoint
Merge pull request #7 from mbarbine/feature/discovery-and-mcp-enhancements-6420565710255127848 Enhance discovery, LLMs, and MCP files. Build dynamic route handlers.
Merge pull request #5 from mbarbine/palette-product-card-focus-12295807286972002220 🎨 Palette: Add keyboard focus-within support to Product Card
Merge pull request #4 from mbarbine/palette-ux-header-focus-12015092376518312195 🎨 Palette: Add keyboard focus states to header buttons
Merge pull request #3 from mbarbine/v0/mbarbine-5b9f150e Launch official REFLUX merch store and update band history
Merge pull request #2 from mbarbine/etsy-storefront-build Launch REFLUX Official Merch Store with i18n and Spotify integration