elias/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-19 19:30:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
everything-claude-code/tests
History
Affaan Mustafa a03d63cba0 fix(security): close XSS in control-pane board controls 
The interactive claim/move buttons concatenated work-item ids into inline
onclick JS with only single-quote escaping — a crafted id (ids/titles come from
GitHub sync and manual upserts, not a strict allowlist) could break out and
inject script, even on the localhost-only server.

Fix: emit the id/lane in HTML-escaped data-* attributes (escapeHtml encodes
&<>"'), attach delegated click listeners that read them via getAttribute, and
pass the raw value as a JS string arg — never concatenated into code. Adds a
regression assertion that no inline onclick handlers with interpolated ids
remain. Flagged by automated security review.

Full suite 2845/2845; lint green.
2026-06-18 18:25:28 -04:00
..
ci
Merge pull request #2241 from itkdm/feat/add-vue-ecosystem
2026-06-15 14:07:31 -04:00
commands
fix: accept crlf command frontmatter
2026-04-30 03:41:18 -04:00
docs
release: 2.0.0 — the agent harness operating system
2026-06-09 21:40:40 -04:00
hooks
fix(gateguard): check isDestructiveFindExec on each command segment to close compound-command bypass (#2292)
2026-06-18 16:30:46 -04:00
integration
fix(hooks): avoid escaped quotes in plugin bootstrap
2026-05-19 05:15:42 -04:00
lib
feat(control-pane): add agent+human JIT assignment view to the work-items board
2026-06-18 16:59:30 -04:00
scripts
fix(security): close XSS in control-pane board controls
2026-06-18 18:25:28 -04:00
__init__.py
Small changes
2026-04-12 12:34:45 +05:30
codex-config.test.js
fix(codex): broaden context7 config checks
2026-03-29 00:26:16 -04:00
conftest.py
docs: salvage focused stale PR contributions
2026-05-11 05:31:12 -04:00
opencode-config.test.js
fix: namespace opencode command agents
2026-04-05 14:21:57 -07:00
opencode-plugin-hooks.test.js
feat(opencode): 全面升级OpenCode集成 (#2251)
2026-06-15 14:01:34 -04:00
opencode-tools.test.js
feat(opencode): 全面升级OpenCode集成 (#2251)
2026-06-15 14:01:34 -04:00
plugin-manifest.test.js
fix: add plugin cache health check (#2249)
2026-06-15 14:01:25 -04:00
run-all.js
feat: worktree-lifecycle service (deterministic conflict prediction + safe GC) (#2164)
2026-06-07 13:00:08 +08:00
test_astraflow_provider.py
feat: add Astraflow provider support
2026-05-11 23:21:46 -04:00
test_atlas_provider.py
feat: add Atlas Cloud as LLM/AI provider (#2279)
2026-06-18 16:29:11 -04:00
test_builder.py
docs: salvage focused stale PR contributions
2026-05-11 05:31:12 -04:00
test_claude_provider.py
docs: salvage focused stale PR contributions
2026-05-11 05:31:12 -04:00
test_executor.py
Small changes
2026-04-12 12:34:45 +05:30
test_invariant_runner.py
fix: sanitize subprocess call in runner.py (#2149)
2026-06-15 13:49:45 -04:00
test_provider_tools.py
fix: harden openai-compatible provider responses
2026-05-18 01:04:28 -04:00
test_resolver.py
feat: add Atlas Cloud as LLM/AI provider (#2279)
2026-06-18 16:29:11 -04:00
test_templates.py
docs: salvage focused stale PR contributions
2026-05-11 05:31:12 -04:00
test_types.py
feat: add Astraflow provider support
2026-05-11 23:21:46 -04:00