elias/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-20 03:40:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
everything-claude-code/tests/scripts
History
Affaan Mustafa a03d63cba0 fix(security): close XSS in control-pane board controls 
The interactive claim/move buttons concatenated work-item ids into inline
onclick JS with only single-quote escaping — a crafted id (ids/titles come from
GitHub sync and manual upserts, not a strict allowlist) could break out and
inject script, even on the localhost-only server.

Fix: emit the id/lane in HTML-escaped data-* attributes (escapeHtml encodes
&<>"'), attach delegated click listeners that read them via getAttribute, and
pass the raw value as a JS string arg — never concatenated into code. Adds a
regression assertion that no inline onclick handlers with interpolated ids
remain. Flagged by automated security review.

Full suite 2845/2845; lint green.
2026-06-18 18:25:28 -04:00
..
auto-update.test.js
test: normalize auto-update repo root expectation on windows
2026-04-29 21:01:27 -04:00
build-opencode.test.js
fix: narrow npm publish surface to the module graph
2026-04-12 23:48:53 -07:00
catalog.test.js
feat: add install catalog and project config autodetection
2026-03-27 05:56:39 -04:00
check-unicode-safety.test.js
test(ci): regression coverage for newly-covered invisible code points
2026-05-18 21:20:36 -04:00
claw.test.js
fix: stabilize windows hook and claw tests
2026-03-05 12:37:24 -08:00
codex-hooks.test.js
fix: add plugin cache health check (#2249)
2026-06-15 14:01:25 -04:00
consult.test.js
fix: tune machine learning workflow routing
2026-05-11 18:11:05 -04:00
control-pane.test.js
fix(security): close XSS in control-pane board controls
2026-06-18 18:25:28 -04:00
dashboard-web.test.js
feat: add web capabilities dashboard (#2100)
2026-06-15 14:01:16 -04:00
discussion-audit.test.js
chore: gate canonical ECC release identity (#1991)
2026-05-19 06:42:17 -04:00
doctor.test.js
feat: orchestration harness, selective install, observer improvements
2026-03-14 12:55:25 -07:00
ecc-dashboard.test.js
fix: port hook session and dashboard safety fixes
2026-05-11 02:53:28 -04:00
ecc.test.js
feat: add ECC2 local control pane (#2131)
2026-06-03 21:54:30 +08:00
gemini-adapt-agents.test.js
feat: add gemini agent adapter
2026-04-08 15:38:49 -07:00
github-coordination.test.js
docs+chore: add README Security section; fix lint regressions on main
2026-06-16 02:08:14 -04:00
harness-audit.test.js
feat: extend harness audit integration scoring (#1990)
2026-05-19 06:20:54 -04:00
install-apply.test.js
feat(mcp): single-connector default set + connector policy (#2219)
2026-06-09 23:28:35 -04:00
install-plan.test.js
fix: restore short Claude plugin slug and skill installs (#1712)
2026-05-11 02:10:36 -04:00
install-ps1.test.js
fix: document supported claude hook install path
2026-04-12 23:29:45 -07:00
install-readme-clarity.test.js
docs: align rules README install namespace
2026-05-15 02:07:43 -04:00
install-sh.test.js
fix: document supported claude hook install path
2026-04-12 23:29:45 -07:00
instinct-cli-projects.test.js
fix: surface legacy data warning in instinct-cli status (#2127)
2026-06-07 13:26:22 +08:00
list-installed.test.js
feat: orchestration harness, selective install, observer improvements
2026-03-14 12:55:25 -07:00
loop-status.test.js
fix: handle dotted reserved snapshot names
2026-04-30 12:25:14 -04:00
manual-hook-install-docs.test.js
fix: document supported claude hook install path
2026-04-12 23:29:45 -07:00
npm-publish-surface.test.js
fix: add plugin cache health check (#2249)
2026-06-15 14:01:25 -04:00
observability-readiness.test.js
security: add supply-chain IOC scanner (#1904)
2026-05-14 21:15:35 -04:00
openclaw-persona-forge-gacha.test.js
fix: CI fixes, security audit, remotion skill, lead-intelligence, npm audit (#1039)
2026-03-31 15:08:55 -04:00
operator-readiness-dashboard.test.js
docs: sync live native payments gate evidence
2026-05-19 23:25:38 -04:00
orchestrate-codex-worker.test.js
fix: refresh orchestration follow-up after #414 (#430)
2026-03-16 14:29:28 -07:00
orchestration-status.test.js
feat: orchestration harness, selective install, observer improvements
2026-03-14 12:55:25 -07:00
platform-audit.test.js
docs: sync selected-target announcement gate (#2020)
2026-05-19 22:09:45 -04:00
post-bash-command-log.test.js
fix: port safe ci cleanup from backlog
2026-04-01 16:09:54 -07:00
preview-pack-smoke.test.js
Add preview pack smoke gate
2026-05-17 15:35:23 -04:00
release-approval-gate.test.js
Add release approval gate
2026-05-19 18:18:54 -04:00
release-publish.test.js
test: normalize release workflow line endings
2026-05-18 13:53:26 -04:00
release-video-suite.test.js
chore: refresh suite count evidence (#2000)
2026-05-19 09:58:53 -04:00
release.test.js
test(ecc2): normalize release workflow newlines
2026-04-29 17:31:01 -04:00
repair.test.js
test: stabilize repair lifecycle on Windows
2026-05-18 03:48:51 -04:00
session-inspect.test.js
Add PowerShell installer wrapper and update documentation (#532)
2026-03-16 13:35:17 -07:00
setup-package-manager.test.js
test: cover setGlobal/setProject catch blocks and session-start main().catch
2026-02-13 09:55:00 -08:00
skill-create-output.test.js
test: add 3 tests for stdin 1MB overflow and analyzePhase async method (round 87)
2026-02-13 12:42:20 -08:00
sync-ecc-to-codex.test.js
fix: harden install and codex sync portability
2026-04-01 16:04:56 -07:00
trae-install.test.js
Finalize and enhance SLSA generic generator workflow (#2197)
2026-06-15 14:01:29 -04:00
uninstall.test.js
feat: salvage windows desktop e2e skill
2026-05-11 19:15:02 -04:00
work-items.test.js
feat(work-items): add 'claim' command for JIT work pickup
2026-06-18 17:07:24 -04:00