vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-06-07 09:52:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7bc4a333aa09caa38d369470590e5915f93e642b
openclaw/src/auto-reply/reply/export-html
History
Sebastien Tardif 7bc4a333aa fix(security): escape entry.id in HTML export to prevent attribute XSS (#83104) 
* fix(security): escape entry.id in HTML export to prevent attribute XSS

Apply escapeHtmlAttr to entry.id in renderEntry and renderCopyLinkButton
to prevent attribute injection via crafted entry IDs in HTML exports.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* chore: remove proof helper scripts from branch

ClawSweeper P2: committed proof scripts can provide false-positive
validation. Proof output is in the PR body instead.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

---------

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
2026-05-22 21:27:14 +01:00
..
vendor
template.css
Revert "refactor: move runtime state to SQLite"
2026-05-13 13:33:38 +01:00
template.html
template.js
fix(security): escape entry.id in HTML export to prevent attribute XSS (#83104)
2026-05-22 21:27:14 +01:00
template.security.test.ts
fix(security): escape entry.id in HTML export to prevent attribute XSS (#83104)
2026-05-22 21:27:14 +01:00