From 6d5ed6fdd8819f010eddc43e4578f55687bca89b Mon Sep 17 00:00:00 2001 From: Haileyesus <118998054+blackmammoth@users.noreply.github.com> Date: Mon, 29 Jun 2026 15:16:13 +0300 Subject: [PATCH] fix(code-editor): harden media preview against SVG XSS and improve a11y Withhold the open-in-new-tab action for SVG previews. The link is a top-level navigation to a blob URL, which inherits the app's origin, so a user-controlled SVG containing