oikos

openclaw/oikos

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ulas Kalayci	a4ad10a872	fix(installer): validate host/port input before use in DOM Prevents unvalidated user input from reaching DOM sinks (href, template literals). Host is checked against a strict hostname regex; port is parsed as an integer and range-checked to 1-65535. An inline error message is shown on validation failure. Resolves CodeQL js/xss-through-dom alert #7. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-22 00:05:08 +02:00
Ulas Kalayci	7795a737c5	feat(installer): add web-based installer server and UI Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-21 13:23:06 +02:00

Author

SHA1

Message

Date

Ulas Kalayci

a4ad10a872

fix(installer): validate host/port input before use in DOM

Prevents unvalidated user input from reaching DOM sinks (href, template
literals). Host is checked against a strict hostname regex; port is
parsed as an integer and range-checked to 1-65535. An inline error
message is shown on validation failure.

Resolves CodeQL js/xss-through-dom alert #7.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-22 00:05:08 +02:00

Ulas Kalayci

7795a737c5

feat(installer): add web-based installer server and UI

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-21 13:23:06 +02:00

2 Commits