unstructured
fix: sanitize v2 HTML output to prevent stored XSS (GHSA-v5mq-3xhg-98m9)
#4394
Merged

fix: sanitize v2 HTML output to prevent stored XSS (GHSA-v5mq-3xhg-98m9) #4394

badGarnet merged 9 commits into main from yao/stored-xss-html-output
badGarnet
badGarnet fix: sanitize v2 HTML output to prevent stored XSS (GHSA-v5mq-3xhg-98m9)
3cfd3d50
github-advanced-security
github-advanced-security commented on 2026-07-10
cubic-dev-ai
cubic-dev-ai commented on 2026-07-10
badGarnet fix: harden v2 HTML sanitization
f4d11a1b
badGarnet fix: filter inline HTML styles
0d2e3f7b
badGarnet test: assert sanitized href attributes
6c06f583
github-advanced-security
github-advanced-security commented on 2026-07-10
cubic-dev-ai
cubic-dev-ai commented on 2026-07-10
badGarnet Potential fix for pull request finding 'CodeQL / Incomplete URL subst…
e9c4f837
cubic-dev-ai
cubic-dev-ai commented on 2026-07-10
badGarnet test: regenerate HTML fixtures for sanitized v2 output
842229ad
badGarnet fix: address v2 HTML sanitization review comments
3bcfb917
badGarnet test: drop stray HTML fixture with no tracked input
0334b450
badGarnet fix: keep raw table text inside the table in v2 HTML output
73a7fecf
cubic-dev-ai
cubic-dev-ai commented on 2026-07-11
paulkarayan paulkarayan requested a review from paulkarayan paulkarayan 1 day ago
paulkarayan
paulkarayan approved these changes on 2026-07-11
badGarnet badGarnet merged cda16b3f into main 1 day ago
badGarnet badGarnet deleted the yao/stored-xss-html-output branch 1 day ago

Login to write a write a comment.

Login via GitHub

Assignees
No one assigned
Labels
Milestone