favoritter

History

Ole-Morten Duesund 395b1b7523 fix: address security and quality issues from code review Security fixes: - Fix XSS in Atom feed: escape user-supplied URLs in HTML content - Wrap signup request approval in a transaction to prevent partial state on crash (user created but request still pending) - Stop leaking internal error messages to admin UI - Add request body size limit on API import endpoint - Log SetMustResetPassword errors instead of silently discarding Correctness fixes: - Handle errors from API fave update/delete instead of returning success on failure - Use actual data timestamp for feed <updated> instead of time.Now() (improves HTTP caching) - Replace hardcoded 10000 export limit with named constant (maxExportFaves = 100000) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-29 16:19:44 +02:00
..
api.go	fix: address security and quality issues from code review	2026-03-29 16:19:44 +02:00

Ole-Morten Duesund 395b1b7523 fix: address security and quality issues from code review

Security fixes:
- Fix XSS in Atom feed: escape user-supplied URLs in HTML content
- Wrap signup request approval in a transaction to prevent
  partial state on crash (user created but request still pending)
- Stop leaking internal error messages to admin UI
- Add request body size limit on API import endpoint
- Log SetMustResetPassword errors instead of silently discarding

Correctness fixes:
- Handle errors from API fave update/delete instead of returning
  success on failure
- Use actual data timestamp for feed <updated> instead of
  time.Now() (improves HTTP caching)
- Replace hardcoded 10000 export limit with named constant
  (maxExportFaves = 100000)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-29 16:19:44 +02:00

api.go

fix: address security and quality issues from code review

2026-03-29 16:19:44 +02:00