Archive/screentinker
1
0
Fork 0
mirror of https://github.com/screentinker/screentinker.git synced 2026-06-18 20:22:42 -06:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
screentinker/server
History
ScreenTinker d7e3ae6076 security(widgets): tighten webpage widget inner sandbox 
The webpage widget's inner iframe previously declared
sandbox="allow-scripts allow-same-origin", which was
functionally stripped to "allow-scripts" by the outer
iframe sandbox added in fe36c8c. This commit makes the
declared sandbox match the actual effective behavior.

Closes the remaining piece of issue #8.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 13:14:31 -05:00
..
config fix: log real client IPs through Cloudflare instead of CF edge 2026-05-07 15:26:37 -05:00
db Add player debug overlay and server-side error telemetry sink 2026-05-15 15:20:42 -05:00
lib feat(workspaces): invite/accept-invite backend (slice 1+3) 2026-05-16 12:19:59 -05:00
middleware feat(email): Microsoft Graph send + alert spam protection + preferences UI 2026-05-12 18:16:40 -05:00
player security(widgets): add sandbox="allow-scripts" to widget iframes 2026-05-28 12:28:34 -05:00
routes security(widgets): tighten webpage widget inner sandbox 2026-05-30 13:14:31 -05:00
services feat(workspaces): invite/accept-invite backend (slice 1+3) 2026-05-16 12:19:59 -05:00
ws fix(socket): offline debounce + truthful single-device command feedback 2026-05-14 13:11:40 -05:00
.gitignore feat(email): Microsoft Graph send + alert spam protection + preferences UI 2026-05-12 18:16:40 -05:00
config.js feat(socket): delivery queue for offline-device emits 2026-05-14 13:06:43 -05:00
package-lock.json feat(email): Microsoft Graph send + alert spam protection + preferences UI 2026-05-12 18:16:40 -05:00
package.json feat(email): Microsoft Graph send + alert spam protection + preferences UI 2026-05-12 18:16:40 -05:00
server.js Add player debug overlay and server-side error telemetry sink 2026-05-15 15:20:42 -05:00