Younes ENNAJI 1d81de581b fix: escape nonce and mainScript to prevent XSS vulnerabilities ...

The HtmlPresenter was interpolating user-controlled values directly into
HTML attributes and JavaScript code without proper escaping, creating
XSS vulnerabilities.

Changes:
- Escape nonce with htmlspecialchars() for HTML attribute context
- Escape nonce with json_encode() for JavaScript string context
- Escape mainScript with json_encode() for JavaScript string context

Added tests to verify XSS payloads are properly escaped.

2026-03-01 19:55:49 +00:00

..

adapters

add vitest for JS/TS testing with comprehensive test coverage

2026-02-25 15:52:21 +00:00

Laravel

fix: correct inverted Livewire registration condition

2026-03-01 19:53:39 +00:00

Noty

improve test coverage for edge cases

2026-02-25 19:31:21 +00:00

Notyf

improve test coverage for PHPUnit and Vitest

2026-02-25 19:16:53 +00:00

Prime

fix: escape nonce and mainScript to prevent XSS vulnerabilities

2026-03-01 19:55:49 +00:00

SweetAlert

improve test coverage for edge cases

2026-02-25 19:31:21 +00:00

Symfony

add tests for FlasherDataCollector

2026-02-26 06:04:11 +00:00

Toastr

improve test coverage for edge cases

2026-02-25 19:31:21 +00:00

flasher-plugin.test.ts

improve test coverage for PHPUnit and Vitest

2026-02-25 19:16:53 +00:00

flasher.test.ts

fix test to properly suppress expected console error

2026-02-25 19:50:01 +00:00

plugin.test.ts

add vitest for JS/TS testing with comprehensive test coverage

2026-02-25 15:52:21 +00:00

setup.ts

add vitest for JS/TS testing with comprehensive test coverage

2026-02-25 15:52:21 +00:00

themes.test.ts

add vitest for JS/TS testing with comprehensive test coverage

2026-02-25 15:52:21 +00:00