Alexandre Lion 8f46837900 Fix critical security vulnerabilities (#211) ...

* Fix critical security vulnerabilities

Address 5 critical findings from security audit:
- Sanitize custom embed HTML to prevent stored XSS (strip all non-iframe content)
- Escape URLs in format_body/1 to prevent reflected XSS via post messages
- Add authorization check to form export endpoint (IDOR fix)
- Replace String.to_atom/1 on user input with explicit whitelists (8 locations)
- Add IP-based rate limiting on authentication endpoints via Hammer

* Start rate limiter before endpoint in supervision tree

* Update CHANGELOG

2026-02-09 19:18:14 +01:00

..

converter.ex

Fix critical security vulnerabilities (#211)

2026-02-09 19:18:14 +01:00