github/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2026-06-16 04:12:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
penpot/frontend
History
Andrey Antukh 724f84df00 🐛 Fix stored XSS vulnerability in comment content rendering 
Add escape-html function that escapes HTML special characters and apply
it in the comment editor at four dom/set-html! call sites where
user-provided text is inserted as innerHTML, preventing stored XSS.

References: GHSA-vc72-6r45-q988
Signed-off-by: Andrey Antukh <niwi@niwi.nz>
2026-05-13 12:45:32 +00:00
..
.storybook
⬆️ Update storybook and fix compatibility issues
2025-12-30 14:56:15 +01:00
.yarn/patches
♻️ Replace jszip usage with zip.js library
2025-05-20 13:05:52 +02:00
dev
externs
packages
🐛 Fix crash when pasting image into text editor
2026-03-24 13:00:28 +00:00
patches
🎉 Migrate to PNPM frontend module
2026-01-22 13:55:41 +01:00
playwright
🐛 Fix tooltip position on absolute positioned elements (#8509)
2026-03-09 12:11:39 +01:00
resources
📚 Add 2.15.0 onboarding slides (#9172)
2026-04-28 10:21:56 +02:00
scripts
Allow render entrypoint load alternative config
2026-04-22 13:11:10 +02:00
src
🐛 Fix stored XSS vulnerability in comment content rendering
2026-05-13 12:45:32 +00:00
test/frontend_tests
🐛 Fix Plugin API token application for JS array of strings
2026-04-29 19:09:25 +02:00
text-editor
Merge remote-tracking branch 'origin/staging-render' into develop
2026-02-12 11:00:56 +01:00
translations
Improve team name validation (#9176)
2026-04-29 08:59:09 +02:00
.prettierrc.json
AGENTS.md
📚 Update frontend/AGENTS.md file
2026-03-26 14:12:11 +01:00
deps.edn
Replace tubax with more modern tooling
2025-12-23 13:10:58 +01:00
package.json
🐛 Fix maximum call stack size exceeded in SSE read-stream (#9484)
2026-05-11 11:06:15 +02:00
playwright.config.js
Merge remote-tracking branch 'origin/staging-render' into develop
2026-02-04 13:50:13 +01:00
pnpm-lock.yaml
🐛 Fix maximum call stack size exceeded in SSE read-stream (#9484)
2026-05-11 11:06:15 +02:00
pnpm-workspace.yaml
Add example ui storybook
2026-02-10 08:29:24 +01:00
shadow-cljs.edn
Add protection for stale cache of js assets loading issues (#8638)
2026-03-30 19:46:51 +02:00
vite.config.js
⬆️ Update storybook and fix compatibility issues
2025-12-30 14:56:15 +01:00
vitest.shims.d.ts
🔧 Upgrade storybook (#7693)
2025-11-05 17:15:19 +01:00