github/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2026-05-16 05:23:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
penpot/frontend
History
Andrey Antukh 67d9567971
🐛 Prevent CSS injection vulnerability in font family names 
Add a shared `schema:font-family` whitelist validator in
app.common.types.font that only allows letters, digits, spaces,
hyphens, underscores, and dots in font family names. Apply the schema
to create-font-variant and update-font RPC endpoints on the
backend, and add client-side validation in the dashboard fonts UI.
Include unit tests for the schema and integration tests for the RPC
handlers.

Signed-off-by: Andrey Antukh <niwi@niwi.nz>
2026-05-14 13:46:02 +02:00
..
.storybook
⬆️ Update storybook and fix compatibility issues
2025-12-30 14:56:15 +01:00
.yarn/patches
♻️ Replace jszip usage with zip.js library
2025-05-20 13:05:52 +02:00
dev
Add facility for create anonymous objects
2024-11-25 16:35:44 +01:00
externs
📎 Add externs for worker build
2024-12-23 10:03:10 +01:00
packages
🐛 Fix crash when pasting image into text editor
2026-03-24 13:00:28 +00:00
patches
🎉 Migrate to PNPM frontend module
2026-01-22 13:55:41 +01:00
playwright
🐛 Fix tooltip position on absolute positioned elements (#8509)
2026-03-09 12:11:39 +01:00
resources
📚 Add 2.15.0 onboarding slides (#9172)
2026-04-28 10:21:56 +02:00
scripts
Allow render entrypoint load alternative config
2026-04-22 13:11:10 +02:00
src
🐛 Prevent CSS injection vulnerability in font family names
2026-05-14 13:46:02 +02:00
test/frontend_tests
🐛 Fix Plugin API token application for JS array of strings
2026-04-29 19:09:25 +02:00
text-editor
Merge remote-tracking branch 'origin/staging-render' into develop
2026-02-12 11:00:56 +01:00
translations
🐛 Prevent CSS injection vulnerability in font family names
2026-05-14 13:46:02 +02:00
.prettierrc.json
AGENTS.md
📚 Update frontend/AGENTS.md file
2026-03-26 14:12:11 +01:00
deps.edn
Replace tubax with more modern tooling
2025-12-23 13:10:58 +01:00
package.json
⬆️ Update dependencies (#9597)
2026-05-13 14:14:10 +02:00
playwright.config.js
Merge remote-tracking branch 'origin/staging-render' into develop
2026-02-04 13:50:13 +01:00
pnpm-lock.yaml
⬆️ Update dependencies (#9597)
2026-05-13 14:14:10 +02:00
pnpm-workspace.yaml
Add example ui storybook
2026-02-10 08:29:24 +01:00
shadow-cljs.edn
Add protection for stale cache of js assets loading issues (#8638)
2026-03-30 19:46:51 +02:00
vite.config.js
⬆️ Update storybook and fix compatibility issues
2025-12-30 14:56:15 +01:00
vitest.shims.d.ts
🔧 Upgrade storybook (#7693)
2025-11-05 17:15:19 +01:00