svemagie/indiekit-endpoint-microsub
1
0
Fork 0
mirror of https://github.com/svemagie/indiekit-endpoint-microsub.git synced 2026-04-02 15:35:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
f3e8648fedfc3fa6a66a5d24c4635ab96bbc414d
indiekit-endpoint-microsub/lib/media
History
Ricardo 3c8a4b2b53 fix: security hardening (SSRF, ReDoS, XSS, open redirect) 
- Add SSRF blocklist to media proxy (block private/internal IPs)
- Escape regex in searchItems() to prevent ReDoS
- Sanitize webmention content.html before storage (XSS prevention)
- Return 404 instead of redirect on failed media proxy (open redirect fix)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 14:40:12 +01:00
..
proxy.js
fix: security hardening (SSRF, ReDoS, XSS, open redirect)
2026-02-15 14:40:12 +01:00