8 Commits

Author SHA1 Message Date
Alexandre Lion
8f46837900 Fix critical security vulnerabilities (#211)
* Fix critical security vulnerabilities

Address 5 critical findings from security audit:
- Sanitize custom embed HTML to prevent stored XSS (strip all non-iframe content)
- Escape URLs in format_body/1 to prevent reflected XSS via post messages
- Add authorization check to form export endpoint (IDOR fix)
- Replace String.to_atom/1 on user input with explicit whitelists (8 locations)
- Add IP-based rate limiting on authentication endpoints via Hammer

* Start rate limiter before endpoint in supervision tree

* Update CHANGELOG
2026-02-09 19:18:14 +01:00
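The fourth item in the commit message above, replacing String.to_atom/1 on user input with explicit whitelists, is worth seeing in code: on the BEAM, atoms are never garbage-collected and the atom table has a fixed limit, so converting attacker-controlled strings to atoms is a denial-of-service vector. The following Elixir script is an added example and not code from this repository; the module name, the function names and the accepted value sets (asc/desc, draft/published/archived) are illustrative assumptions.

```elixir
defmodule AtomWhitelistExample do
  # Added example, not code from the repository. Module and function names
  # and the accepted value sets are illustrative assumptions.
  #
  # Atoms on the BEAM are never garbage-collected and the atom table has a
  # fixed size (1_048_576 entries by default); when it fills, the VM exits.
  # Any String.to_atom/1 on attacker-controlled text is therefore a DoS:
  # every unique string the client sends costs a permanent table slot.

  # Vulnerable pattern: the request parameter decides which atom is created.
  def sort_direction_unsafe(param) when is_binary(param) do
    String.to_atom(param)
  end

  # Hardened pattern: pattern-match the closed set of accepted strings to
  # atoms that already exist at compile time and reject everything else.
  # No atom is created at runtime, whatever the client sends.
  def sort_direction("asc"), do: {:ok, :asc}
  def sort_direction("desc"), do: {:ok, :desc}
  def sort_direction(_other), do: :error

  # The same idea driven from a module attribute, for larger whitelists.
  # The string->atom map is built once at compile time.
  @statuses [:draft, :published, :archived]
  @status_by_string Map.new(@statuses, fn atom -> {Atom.to_string(atom), atom} end)

  def status(param) when is_binary(param) do
    # Map.fetch/2 returns {:ok, atom} for a known value and :error otherwise.
    Map.fetch(@status_by_string, param)
  end

  # Demonstration: count how many atoms each version adds to the VM for a
  # batch of unique, constructed inputs. The whitelist adds none; the
  # String.to_atom/1 version adds one per input.
  def demo(n \\ 1_000) do
    inputs =
      for i <- 1..n,
          do: "attacker-#{:erlang.unique_integer([:positive])}-#{i}"

    before = :erlang.system_info(:atom_count)
    Enum.each(inputs, &sort_direction/1)
    after_safe = :erlang.system_info(:atom_count)

    Enum.each(inputs, &sort_direction_unsafe/1)
    after_unsafe = :erlang.system_info(:atom_count)

    %{
      leaked_by_whitelist: after_safe - before,
      leaked_by_to_atom: after_unsafe - after_safe
    }
  end
end

# Run with: elixir atom_whitelist_example.exs
IO.inspect(AtomWhitelistExample.demo())
```

String.to_existing_atom/1 is sometimes offered as the fix; it does stop atom creation, but it still accepts any atom already loaded in the VM (module names, function names, internal tags), so a request can still select values the endpoint never meant to expose. An explicit whitelist, as the commit describes, is the stricter choice: it bounds both what is created and what is accepted.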
Alexandre Lion
5853bc34d8 Add admin panel and user roles (#189) 2025-11-20 10:44:06 +01:00
Alex Lion
b61c82fe55 chore: change gettext backend syntax 2025-07-03 15:38:53 +02:00
Alex
cdbaac06e0 Add OIDC + better embeds 2024-08-11 11:16:34 +02:00
Alex
3ceff40a5b Add LTI support 2024-07-11 12:41:05 +02:00
Alex
8ae3ed8aab Mix format 2023-11-23 14:16:11 +01:00
Alex
92eafa9af2 Fix translation 2023-11-23 12:38:08 +01:00
Dhanus
d3989068a2 feat: Add Embed #61 (#72) 2023-11-23 12:06:39 +01:00