Andrey Antukh
67d9567971
🐛 Prevent CSS injection vulnerability in font family names ...
Add a shared `schema:font-family` whitelist validator in
app.common.types.font that only allows letters, digits, spaces,
hyphens, underscores, and dots in font family names. Apply the schema
to create-font-variant and update-font RPC endpoints on the
backend, and add client-side validation in the dashboard fonts UI.
Include unit tests for the schema and integration tests for the RPC
handlers.
Signed-off-by: Andrey Antukh <niwi@niwi.nz>
2026-05-14 13:46:02 +02:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-05-14 13:46:02 +02:00
2026-02-16 09:41:49 +01:00
2026-04-20 19:37:02 +02:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2023-10-04 13:49:57 +02:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
2026-02-16 09:41:49 +01:00
67d9567971