d8dfun/claudecodeui
1
0
Fork 0
mirror of https://github.com/siteboon/claudecodeui.git synced 2026-06-03 19:15:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
f705f2555e0353f74b4f51509194adda1f107a74
claudecodeui/src/components
History
tuanaiseo f705f2555e fix(security)(components): unsanitized svg content injected via `dangerouslys 
The plugin icon renderer fetches SVG text from `/api/plugins/.../assets/...` and injects it directly into the DOM using `dangerouslySetInnerHTML` after only checking that the payload starts with `<svg`. This does not remove malicious attributes/elements (e.g., event handlers, scriptable SVG payloads), enabling DOM-based XSS if a plugin asset is malicious or compromised.

Affected files: PluginIcon.tsx

Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
2026-04-12 06:17:10 +07:00
..
app
fix(ui): remove mobile bottom nav, unify processing indicator, and improve tooltip behavior on mobile (#632)
2026-04-10 12:36:06 +02:00
auth
feat: add branding, community links, GitHub star badge, and About settings tab
2026-04-10 13:06:16 +00:00
chat
refactor: remove unused whispher transcribe logic (#637)
2026-04-10 15:34:34 +02:00
code-editor
Refactor/shared and tasks components (#473)
2026-03-05 23:47:58 +01:00
file-tree
fix: corrupted binary downloads (#634)
2026-04-10 12:35:23 +02:00
git-panel
refactor: remove unused whispher transcribe logic (#637)
2026-04-10 15:34:34 +02:00
llm-logo-provider
Refactor/shared and tasks components (#473)
2026-03-05 23:47:58 +01:00
main-content
fix: numerous bugs (#528)
2026-03-11 00:16:11 +01:00
onboarding/view
fix: remove /exit command from claude login flow during onboarding (#552)
2026-03-17 08:46:16 +01:00
plugins/view
fix(security)(components): unsanitized svg content injected via `dangerouslys
2026-04-12 06:17:10 +07:00
prd-editor
Refactor/shared and tasks components (#473)
2026-03-05 23:47:58 +01:00
project-creation-wizard
Refactor/shared and tasks components (#473)
2026-03-05 23:47:58 +01:00
provider-auth
fix: claude auth changes and adding copy on mobile
2026-03-21 16:40:44 +00:00
quick-settings-panel
refactor: remove unused whispher transcribe logic (#637)
2026-04-10 15:34:34 +02:00
settings
feat: add branding, community links, GitHub star badge, and About settings tab
2026-04-10 13:06:16 +00:00
shell
fix(ui): remove mobile bottom nav, unify processing indicator, and improve tooltip behavior on mobile (#632)
2026-04-10 12:36:06 +02:00
sidebar
feat: add branding, community links, GitHub star badge, and About settings tab
2026-04-10 13:06:16 +00:00
standalone-shell/view
fix: numerous bugs (#528)
2026-03-11 00:16:11 +01:00
task-master
Refactor/shared and tasks components (#473)
2026-03-05 23:47:58 +01:00
version-upgrade/view
Refactor/shared and tasks components (#473)
2026-03-05 23:47:58 +01:00