agnes-the-ai-analyst

AI-Cognitive-Leap/agnes-the-ai-analyst

Fork 0

Commit graph

Author	SHA1	Message	Date
ZdenekSrotyr	b3ffc98e9f	fix(security): XSS hardening for setup banner + cleanup unused imports - Add _sanitize_banner_html() to src/setup_banner.py: strips <script>/ <iframe> blocks, on* event-handler attributes, and javascript:/data: URI schemes post-render (I-2). Defense-in-depth — /setup is partly anonymous so malformed admin content must not execute in visitors' browsers. - Apply sanitizer in render_setup_banner() before returning rendered HTML. - Add 3 unit tests: test_render_strips_script_tags, test_render_strips_event_handlers, test_render_strips_javascript_uri. - Drop unused Optional import from src/repositories/welcome_template.py and src/repositories/setup_banner.py (M-6).	2026-05-03 16:12:13 +02:00
ZdenekSrotyr	19f1795350	feat(repo): WelcomeTemplateRepository singleton CRUD	2026-05-03 16:10:48 +02:00

Author

SHA1

Message

Date

ZdenekSrotyr

b3ffc98e9f

fix(security): XSS hardening for setup banner + cleanup unused imports

- Add _sanitize_banner_html() to src/setup_banner.py: strips <script>/
  <iframe> blocks, on* event-handler attributes, and javascript:/data:
  URI schemes post-render (I-2). Defense-in-depth — /setup is partly
  anonymous so malformed admin content must not execute in visitors'
  browsers.
- Apply sanitizer in render_setup_banner() before returning rendered HTML.
- Add 3 unit tests: test_render_strips_script_tags,
  test_render_strips_event_handlers, test_render_strips_javascript_uri.
- Drop unused Optional import from src/repositories/welcome_template.py
  and src/repositories/setup_banner.py (M-6).

2026-05-03 16:12:13 +02:00

ZdenekSrotyr

19f1795350

feat(repo): WelcomeTemplateRepository singleton CRUD

2026-05-03 16:10:48 +02:00

2 commits