Mirrors/Claper
1
0
Fork 0
mirror of https://github.com/ClaperCo/Claper.git synced 2026-02-24 12:09:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
dev
Claper/lib/claper/rate_limit.ex

4 lines
62 B
Elixir
Raw Permalink Normal View History

Fix critical security vulnerabilities (#211) * Fix critical security vulnerabilities Address 5 critical findings from security audit: - Sanitize custom embed HTML to prevent stored XSS (strip all non-iframe content) - Escape URLs in format_body/1 to prevent reflected XSS via post messages - Add authorization check to form export endpoint (IDOR fix) - Replace String.to_atom/1 on user input with explicit whitelists (8 locations) - Add IP-based rate limiting on authentication endpoints via Hammer * Start rate limiter before endpoint in supervision tree * Update CHANGELOG
2026-02-09 19:18:14 +01:00
defmodule Claper.RateLimit do
use Hammer, backend: :ets
end
Reference in New Issue Copy Permalink