olemd/favoritter
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
favoritter/internal/handler
History
Ole-Morten Duesund 395b1b7523 fix: address security and quality issues from code review 
Security fixes:
- Fix XSS in Atom feed: escape user-supplied URLs in HTML content
- Wrap signup request approval in a transaction to prevent
  partial state on crash (user created but request still pending)
- Stop leaking internal error messages to admin UI
- Add request body size limit on API import endpoint
- Log SetMustResetPassword errors instead of silently discarding

Correctness fixes:
- Handle errors from API fave update/delete instead of returning
  success on failure
- Use actual data timestamp for feed <updated> instead of
  time.Now() (improves HTTP caching)
- Replace hardcoded 10000 export limit with named constant
  (maxExportFaves = 100000)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 16:19:44 +02:00
..
api fix: address security and quality issues from code review 2026-03-29 16:19:44 +02:00
admin.go fix: address security and quality issues from code review 2026-03-29 16:19:44 +02:00
auth.go feat: add profiles, public views, settings, and code quality fixes 2026-03-29 16:01:41 +02:00
fave.go feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
feed.go fix: address security and quality issues from code review 2026-03-29 16:19:44 +02:00
handler.go feat: add Atom feeds and JSON/CSV import/export 2026-03-29 16:11:44 +02:00
import_export.go fix: address security and quality issues from code review 2026-03-29 16:19:44 +02:00
profile.go feat: add profiles, public views, settings, and code quality fixes 2026-03-29 16:01:41 +02:00