Logo
Explore Help
Register Sign In
Mirrors/Claper
1
0
Fork 0
You've already forked Claper
mirror of https://github.com/ClaperCo/Claper.git synced 2026-02-24 12:09:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
dev
Claper/lib/claper/rate_limit.ex

4 lines
62 B
Elixir
Raw Permalink Normal View History

Fix critical security vulnerabilities (#211) * Fix critical security vulnerabilities Address 5 critical findings from security audit: - Sanitize custom embed HTML to prevent stored XSS (strip all non-iframe content) - Escape URLs in format_body/1 to prevent reflected XSS via post messages - Add authorization check to form export endpoint (IDOR fix) - Replace String.to_atom/1 on user input with explicit whitelists (8 locations) - Add IP-based rate limiting on authentication endpoints via Hammer * Start rate limiter before endpoint in supervision tree * Update CHANGELOG
2026-02-09 19:18:14 +01:00
defmodule Claper.RateLimit do
use Hammer, backend: :ets
end
Reference in New Issue Copy Permalink
Powered by Gitea Version: 1.25.2 Page: 613ms Template: 3ms
English
Bahasa Indonesia Deutsch English Español Français Gaeilge Italiano Latviešu Magyar nyelv Nederlands Polski Português de Portugal Português do Brasil Suomi Svenska Türkçe Čeština Ελληνικά Български Русский Українська فارسی മലയാളം 日本語 简体中文 繁體中文(台灣) 繁體中文(香港) 한국어
Licenses API