svemagie/indiekit-endpoint-microsub
1
0
Fork 0
mirror of https://github.com/svemagie/indiekit-endpoint-microsub.git synced 2026-04-02 15:35:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
3de1020d354f0261974dad978f50df31e9004ab9
indiekit-endpoint-microsub/lib/storage
History
Ricardo 3c8a4b2b53 fix: security hardening (SSRF, ReDoS, XSS, open redirect) 
- Add SSRF blocklist to media proxy (block private/internal IPs)
- Escape regex in searchItems() to prevent ReDoS
- Sanitize webmention content.html before storage (XSS prevention)
- Return 404 instead of redirect on failed media proxy (open redirect fix)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 14:40:12 +01:00
..
channels.js
fix: store dates as ISO strings instead of Date objects
2026-02-12 22:30:40 +01:00
feeds.js
fix: store dates as ISO strings instead of Date objects
2026-02-12 22:30:40 +01:00
filters.js
feat: restore full microsub implementation with reader UI
2026-02-06 20:20:25 +01:00
items.js
fix: security hardening (SSRF, ReDoS, XSS, open redirect)
2026-02-15 14:40:12 +01:00
read-state.js
feat: restore full microsub implementation with reader UI
2026-02-06 20:20:25 +01:00