Commit graph

4 commits

Author SHA1 Message Date
Andrew Nesbitt
9e97a3316a
Escape user-controlled strings in browse source JavaScript
File paths from archive contents were interpolated directly into onclick
handlers and innerHTML via template literals. A crafted filename containing
quotes could break out of the string context and execute arbitrary JS.

Add an escapeHTML helper and use it on all interpolated path and URL values
in the browse source page.
2026-03-12 11:59:14 +00:00
Andrew Nesbitt
82443e137f
Add generated OpenAPI docs support
2026-03-12 11:49:31 +00:00
Andrew Nesbitt
fe32236a57
Remove hard-coded ecosystems from templates
2026-03-11 17:25:47 +00:00
Andrew Nesbitt
2d7cb8eae5
Refactoring and features
2026-02-03 22:40:40 +00:00