Full deployment history for this project.
Merge pull request #42 from mbarbine/bolt-limit-concurrency-registration-11300451473427502077 bolt: limit concurrency in network registration
Merge branch 'main' into bolt-limit-concurrency-registration-11300451473427502077
bolt: limit concurrency in network registration
- Add `pool` concurrency-limiting utility to `lib/utils.ts`
- Update `app/api/network/register/route.ts` to use `pool` with limit 3
- Add `tests/lib/concurrency.test.ts` for verification
- Document learning in `.jules/bolt.md`
Merge pull request #36 from mbarbine/feature/platphorm-schema-pack-update-7025101993469330229 feat: Implement modular PlatPhorm Schema Pack & align network AI endpoints
Sync local repository changes
Merge pull request #41 from mbarbine/sentinel/xss-svg-dompurify-15052303557761246769
fix: resolve merge conflicts and restore config properties from main merge Agent-Logs-Url: https://github.com/mbarbine/svg-micro-factory/sessions/eb77b213-2707-4ef2-bc78-84f05edf7db5 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #41 from mbarbine/sentinel/xss-svg-dompurify-15052303557761246769 Sentinel: [HIGH] Fix XSS in SVG rendering via DOMPurify
Sentinel: [HIGH] Fix XSS in SVG rendering via DOMPurify
Severity: HIGH
Vulnerability: User input and generic SVG templates rendered via `dangerouslySetInnerHTML` were open to Cross-Site Scripting (XSS) from malicious payload scripts (e.g., `<script>alert(1)</script>`) and malicious event handlers.
Impact: Attackers could execute arbitrary code within the victim's browser if they manage to sneak a malicious payload into `svg-preview` via uploading files or sharing payloads in template strings.
Fix: Adopted `isomorphic-dompurify` to parse and strip any executable JavaScript/HTML inside SVG tags. Wrapped the invocation inside `useMemo` hooks to avoid performance bottlenecks on render cycles.
Verification: `pnpm test` successfully completed and the NextJS build passes correctly, mitigating the XSS vector while maintaining core functionality.
Sentinel: [HIGH] Fix XSS vulnerability in SVG rendering
This commit mitigates an XSS vulnerability present in SVG component rendering logic where raw SVGs were being rendered via `dangerouslySetInnerHTML` without sanitization. `isomorphic-dompurify` has been integrated to ensure proper sanitization for all rendered SVGs within the application, along with a corresponding test in `tests/components/SVGPreview.test.tsx`.
Sentinel: [HIGH] Fix XSS vulnerability in raw SVG generation
- Sanitize SVG strings rendered with `dangerouslySetInnerHTML` in SVG previews and galleries.
- Use `isomorphic-dompurify` with the SVG profile to safely strip scripts and unsafe attributes.
Sentinel: [CRITICAL] Fix XSS vulnerability in SVG previews
Added DOMPurify from `isomorphic-dompurify` to sanitize SVG content before rendering via `dangerouslySetInnerHTML`. This prevents Cross-Site Scripting (XSS) via potentially malicious user-provided or generated SVGs.
fix: remove invalid nodeVersion from vercel.json (use .node-version instead)