Alexandre Lion 8f46837900 Fix critical security vulnerabilities (#211) ...

* Fix critical security vulnerabilities

Address 5 critical findings from security audit:
- Sanitize custom embed HTML to prevent stored XSS (strip all non-iframe content)
- Escape URLs in format_body/1 to prevent reflected XSS via post messages
- Add authorization check to form export endpoint (IDOR fix)
- Replace String.to_atom/1 on user input with explicit whitelists (8 locations)
- Add IP-based rate limiting on authentication endpoints via Hammer

* Start rate limiter before endpoint in supervision tree

* Update CHANGELOG

2026-02-09 19:18:14 +01:00

..

lti

Add quizz feature + improvements

2024-12-21 10:09:29 -05:00

event_controller.ex

Add more generic copy

2022-07-28 16:50:27 +02:00

mailbox_guard.ex

Format files

2023-09-09 17:20:51 +02:00

page_controller.ex

🎉 First commit of the open source project !

2022-07-23 01:44:03 +02:00

post_controller.ex

run mix format

2022-11-17 13:37:34 +01:00

stat_controller.ex

Fix critical security vulnerabilities (#211)

2026-02-09 19:18:14 +01:00

user_auth.ex

Add OIDC + better embeds

2024-08-11 11:16:34 +02:00

user_confirmation_controller.ex

Add email confirmation option

2024-10-20 11:13:31 +02:00

user_oidc_auth.ex

deps: upgrade to live view 1.0

2025-07-03 14:55:23 +02:00

user_registration_controller.ex

Add soft delete user account

2024-12-28 13:13:55 -05:00

user_reset_password_controller.ex

New features for v2 (#83)

2024-04-06 11:48:47 +02:00

user_session_controller.ex

Add email confirmation option

2024-10-20 11:13:31 +02:00

user_settings_controller.ex

New features for v2 (#83)

2024-04-06 11:48:47 +02:00