screentinker/frontend/js
ScreenTinker f57fc5ad81 Security hardening: auth checks, XSS escaping, input validation
- Add requireGroupOwnership middleware to all group endpoints
- Whitelist allowed command types (screen_on/off, launch, update, reboot, shutdown)
- Validate color format as #RRGGBB
- Escape all user-controlled strings (device/group names, emails) in dashboard HTML
- Restrict trust proxy to first hop only (prevents IP spoofing + rate limit bypass)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 22:09:40 -05:00
components Initial open source release 2026-04-08 12:14:53 -05:00
views Security hardening: auth checks, XSS escaping, input validation 2026-04-09 22:09:40 -05:00
api.js Add device groups UI, group commands, proxy IP fix, and web player detection 2026-04-09 22:03:44 -05:00
app.js Initial open source release 2026-04-08 12:14:53 -05:00
i18n.js Initial open source release 2026-04-08 12:14:53 -05:00
socket.js Initial open source release 2026-04-08 12:14:53 -05:00