screentinker/frontend/js/views
ScreenTinker f57fc5ad81 Security hardening: auth checks, XSS escaping, input validation
- Add requireGroupOwnership middleware to all group endpoints
- Whitelist allowed command types (screen_on/off, launch, update, reboot, shutdown)
- Validate color format as #RRGGBB
- Escape all user-controlled strings (device/group names, emails) in dashboard HTML
- Restrict trust proxy to first hop only (prevents IP spoofing + rate limit bypass)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 22:09:40 -05:00
activity.js Initial open source release 2026-04-08 12:14:53 -05:00
admin.js Initial open source release 2026-04-08 12:14:53 -05:00
billing.js Initial open source release 2026-04-08 12:14:53 -05:00
content-library.js Fix YouTube embed error 153 - add mute, origin, and enablejsapi params 2026-04-08 14:25:44 -05:00
dashboard.js Security hardening: auth checks, XSS escaping, input validation 2026-04-09 22:09:40 -05:00
designer.js Fix widget assignments, designer scaling, and cache strategy 2026-04-08 16:25:05 -05:00
device-detail.js Add device groups UI, group commands, proxy IP fix, and web player detection 2026-04-09 22:03:44 -05:00
help.js Initial open source release 2026-04-08 12:14:53 -05:00
kiosk.js Initial open source release 2026-04-08 12:14:53 -05:00
layout-editor.js Initial open source release 2026-04-08 12:14:53 -05:00
login.js Initial open source release 2026-04-08 12:14:53 -05:00
onboarding.js Initial open source release 2026-04-08 12:14:53 -05:00
reports.js Initial open source release 2026-04-08 12:14:53 -05:00
schedule.js Initial open source release 2026-04-08 12:14:53 -05:00
settings.js Move player downloads into Add Display modal for discoverability 2026-04-08 15:04:33 -05:00
teams.js Initial open source release 2026-04-08 12:14:53 -05:00
video-wall.js Initial open source release 2026-04-08 12:14:53 -05:00
widgets.js Initial open source release 2026-04-08 12:14:53 -05:00