rainbownapkin/canopy
1
0
Fork 0
Code Issues 2 Pull requests Actions Packages Projects Releases Wiki Activity

Re-Work internetArchiveUtils.js #98

New issue
Closed
opened 2025-03-31 08:28:58 -04:00 by rainbownapkin · 4 comments
rainbownapkin commented 2025-03-31 08:28:58 -04:00 (Migrated from gitlab.com)
Copy link

Two big issues with this:

  1. It offloads actual creation of media objects to yanker which makes no sense
  2. Theres no input validation on file metadata. Someone could name a media file from IA a <script> tag and queue it to push a malicious script via XSS. That's not a great over-sight.
Two big issues with this: 1. It offloads actual creation of media objects to yanker which makes no sense 2. Theres no input validation on file metadata. Someone could name a media file from IA a \<script\> tag and queue it to push a malicious script via XSS. That's not a great over-sight.
rainbownapkin commented 2025-03-31 08:30:01 -04:00 (Migrated from gitlab.com)
Copy link

changed the description

changed the description
rainbownapkin commented 2025-03-31 08:30:26 -04:00 (Migrated from gitlab.com)
Copy link

changed the description

changed the description
rainbownapkin commented 2025-04-01 08:49:13 -04:00 (Migrated from gitlab.com)
Copy link

changed the description

changed the description
rainbownapkin commented 2025-04-01 19:12:25 -04:00 (Migrated from gitlab.com)
Copy link

Fixed issues with IA utils, continued work on playlist mgmt UI: f4db10fbc3

Fixed issues with IA utils, continued work on playlist mgmt UI: f4db10fbc38283eb26e543b5abd2814bae41b87a
rainbownapkin (Migrated from gitlab.com) closed this issue 2025-04-01 19:12:29 -04:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dev
0.4-indev-hotfix-3
0.4-indev-hotfix-2
0.4-indev-hotfix-1
0.4-indev
0.3-indev-hotfix-1
0.3-indev
verbose-queue
0.2-indev
0.1-indev
No results found.
Labels
Clear labels   
Bug

   
Cleanup/Refactor

   
Core Feature

   
Documentation

   
Feature

   
Performance Improvement

   
Security Improvement

   
UX/Accessibility

   
Unreproducable Bug
No labels
Bug
Cleanup/Refactor
Core Feature
Documentation
Feature
Performance Improvement
Security Improvement
UX/Accessibility
Unreproducable Bug
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: rainbownapkin/canopy#98
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?