Sami 9a0abc02d1 Fix remaining frontend security issues (3 medium, 2 low) ...

- Escape user-input port number in app-selector innerHTML
- Replace inline onclick with addEventListener in backup history (HTML entity decode bypass)
- Add Content-Security-Policy meta tag with script hash
- Replace document.write with textContent for footer year
- Filter __proto__/constructor/prototype in Object.assign calls

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-07 02:06:55 -08:00

14 KiB

Raw Blame History

View Raw