openclaw/oikos
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2f6127911ecc7ca899bfbec748c544aacf75f259
oikos/public/pages
T
History
Ulas 3d2604bab9 fix(security): address critical and high findings from security audit 
Fix stored XSS in tasks (titles/subtasks) and settings (member list)
by applying escHtml(). Harden trust proxy to loopback default, add
OAuth state parameter for Google Calendar CSRF protection, sanitize
CSV export against formula injection, invalidate sessions on user
deletion, restrict usernames to alphanumeric chars, and require admin
role for calendar sync triggers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-03 17:28:36 +02:00
..
budget.js
fix: replace hardcoded Uhr suffix and use getLocale() in budget
2026-03-31 23:27:44 +02:00
calendar.js
fix: replace hardcoded Uhr suffix and use getLocale() in budget
2026-03-31 23:27:44 +02:00
contacts.js
fix: replace hardcoded Fehler fallbacks with t(common.unknownError)
2026-03-31 23:13:41 +02:00
dashboard.js
style: replace em dashes with hyphens throughout codebase
2026-04-03 17:04:39 +02:00
login.js
feat: i18n login, dashboard, tasks pages
2026-03-31 22:31:57 +02:00
meals.js
style: replace em dashes with hyphens throughout codebase
2026-04-03 17:04:39 +02:00
notes.js
fix: replace hardcoded Fehler fallbacks with t(common.unknownError)
2026-03-31 23:13:41 +02:00
settings.js
fix(security): address critical and high findings from security audit
2026-04-03 17:28:36 +02:00
shopping.js
style: replace em dashes with hyphens throughout codebase
2026-04-03 17:04:39 +02:00
tasks.js
fix(security): address critical and high findings from security audit
2026-04-03 17:28:36 +02:00