lerko/nib-v1
1
1
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix: harden API, DB, and web layer from audit findings

Browse Source 
- Cap list API limit at 200 to prevent unbounded queries
- Sanitize markdown output with DOMPurify to prevent XSS
- Add v4 migration with indexes on deleted_at and modified_at
- Fix v2 migration swallowed ALTER TABLE errors
- Tighten ~/.nib directory permissions to 0o700
This commit is contained in:
Tyler Koenig
2026-05-20 20:41:53 -04:00
parent 1ac4196547
commit 8663beeb96
5 changed files with 54 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/index.html
+1
View File
@@ -97,6 +97,7 @@
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/dompurify@3/dist/purify.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/marked@15/marked.min.js"></script>
<script src="/app.js"></script>
</body>