duckietm/Nitro-V3
1
0
Fork 0
mirror of https://github.com/duckietm/Nitro-V3.git synced 2026-06-20 07:26:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ff3bd1691b45f4a82e08ff3056e233abe57f1523
Nitro-V3/src/components/room/widgets
T
History
simoleo89 24d10aced1 fix(security): harden external-link opening (protocol allow-list + noopener) 
URLs reached window.open from user/server-controlled content without a protocol check or noopener, allowing reverse-tabnabbing and (for the chat link handler) a javascript:/data: href running in our origin.

- add isSafeExternalUrl() (http/https only) + tests; gate the chat link opener (useOnClickChat) and external photo opener with it

- SanitizeHtml: afterSanitizeAttributes hook forces rel="noopener noreferrer" on any target=_blank anchor (overrides attacker-supplied rel)

- add noopener,noreferrer to the remaining window.open(_blank) sites (YouTube share, external photo, guide forum link); drop a stray console.log
2026-06-17 19:12:01 +02:00
..
avatar-info
fix(security): sanitize user-controlled HTML in chat & username sinks
2026-06-17 19:00:42 +02:00
chat
fix(security): sanitize user-controlled HTML in chat & username sinks
2026-06-17 19:00:42 +02:00
chat-input
fix(chat): keep flood warning inside the chat bar
2026-06-15 22:35:36 +02:00
choosers
feat(hooks): permission-driven gating via useHasPermission
2026-05-19 19:00:10 +02:00
context-menu
Sweep targeted typecheck errors: 11 fixes across 9 files
2026-05-11 21:34:34 +02:00
doorbell
Revert feature-folder migration; keep classic src/components + src/hooks layout
2026-05-11 16:31:53 +00:00
friend-request
🆙 Fixed the transperent friend request popup
2026-03-13 07:06:51 +01:00
furniture
fix(security): harden external-link opening (protocol allow-list + noopener)
2026-06-17 19:12:01 +02:00
mysterybox
🆙 Upgrade to tailwind css 4.2.0
2026-02-20 08:17:17 +01:00
object-location
React 19: useRef<T>() -> useRef<T>(null) across 15 sites
2026-05-11 21:33:58 +02:00
pet-package
🆙 Upgrade to tailwind css 4.2.0
2026-02-20 08:17:17 +01:00
room-filter-words
refactor(navigator): migrate all 13 consumers off useNavigator god-hook
2026-05-27 18:58:03 +02:00
room-promotes
🆙 Upgrade to tailwind css 4.2.0
2026-02-20 08:17:17 +01:00
room-thumbnail
🆙 Init V3
2026-01-31 09:10:52 +01:00
room-tools
refactor(navigator): migrate all 13 consumers off useNavigator god-hook
2026-05-27 18:58:03 +02:00
user-location
🆙 Init V3
2026-01-31 09:10:52 +01:00
word-quiz
🆙 Init V3
2026-01-31 09:10:52 +01:00
RoomWidgetsView.tsx
widgets: wrap each room + furniture widget in its own WidgetErrorBoundary
2026-05-14 20:18:38 +02:00