screentinker/server/routes
ScreenTinker f57fc5ad81 Security hardening: auth checks, XSS escaping, input validation
- Add requireGroupOwnership middleware to all group endpoints
- Whitelist allowed command types (screen_on/off, launch, update, reboot, shutdown)
- Validate color format as #RRGGBB
- Escape all user-controlled strings (device/group names, emails) in dashboard HTML
- Restrict trust proxy to first hop only (prevents IP spoofing + rate limit bypass)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 22:09:40 -05:00
activity.js Initial open source release 2026-04-08 12:14:53 -05:00
assignments.js Instant playlist push, fix YouTube looping, auto-fetch video titles 2026-04-08 15:42:41 -05:00
auth.js Initial open source release 2026-04-08 12:14:53 -05:00
content.js Instant playlist push, fix YouTube looping, auto-fetch video titles 2026-04-08 15:42:41 -05:00
device-groups.js Security hardening: auth checks, XSS escaping, input validation 2026-04-09 22:09:40 -05:00
devices.js Hide unclaimed devices from dashboard, add unassigned API, add upgrade docs 2026-04-08 13:13:46 -05:00
kiosk.js Initial open source release 2026-04-08 12:14:53 -05:00
layouts.js Initial open source release 2026-04-08 12:14:53 -05:00
provisioning.js Initial open source release 2026-04-08 12:14:53 -05:00
reports.js Initial open source release 2026-04-08 12:14:53 -05:00
schedules.js Initial open source release 2026-04-08 12:14:53 -05:00
status.js Initial open source release 2026-04-08 12:14:53 -05:00
stripe.js Initial open source release 2026-04-08 12:14:53 -05:00
subscription.js Initial open source release 2026-04-08 12:14:53 -05:00
teams.js Initial open source release 2026-04-08 12:14:53 -05:00
video-walls.js Initial open source release 2026-04-08 12:14:53 -05:00
white-label.js Initial open source release 2026-04-08 12:14:53 -05:00
widgets.js Fix widget assignments, designer scaling, and cache strategy 2026-04-08 16:25:05 -05:00