skyview/assets/static
Ole-Morten Duesund 4a0a993e81 fix: Sanitize all innerHTML dynamic values to prevent XSS
Add centralized escapeHtml() utility and apply it to every dynamic value
inserted via innerHTML/template literals across the frontend. Data from
VRS JSON sources and external CSV files (airline names, countries) flows
through the backend as arbitrary strings that could contain HTML. While
Go's json.Marshal escapes < > &, JavaScript's JSON.parse reverses those
escapes before the values reach innerHTML — enabling script injection.

Affected modules: aircraft-manager, ui-manager, callsign-manager,
map-manager, and the 3D radar labels in app.js.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 15:21:56 +01:00
css            feat: Implement 3D Radar View Controls - resolves #9                              2025-09-01 20:22:26 +02:00
icons          feat: Improve aircraft legend clarity and icon differentiation                    2025-09-01 09:57:39 +02:00
images         fix: Improve logo text visibility with outlines and brighter colors               2025-09-01 17:42:19 +02:00
js             fix: Sanitize all innerHTML dynamic values to prevent XSS                         2026-02-13 15:21:56 +01:00
database.html  feat: Add comprehensive database status web interface                            2025-08-31 19:40:12 +02:00
favicon.ico    Restructure assets to top-level package and add Reset Map button                 2025-08-24 00:57:49 +02:00
index.html     feat: Complete 3D radar enhancements with labels, interactions, and trails        2025-09-01 21:02:22 +02:00