- Add Content-Security-Policy meta tag restricting external resources
- Add sanitizeEvent/sanitizeTimeline to validate/allowlist data from localStorage and imported JSON
- Escape ev.thumbnail in SVG <image href> with xe() to prevent javascript: URL injection
- Escape dynamic IDs in inline onclick handlers with esc() throughout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>