Commit Graph

1 Commits

Author SHA1 Message Date
LIghtJUNction
bae7ec410c fix(dashboard): patch bundled DOMPurify to fix XSS vulnerability
monaco-editor@0.55.1 hardcodes dompurify@3.2.7 (vulnerable to SAFE_FOR_XML
bypass via rawtext elements). Added postinstall script that downloads the
patched 3.3.3 source and replaces the bundled file in node_modules.

Also keeps dompurify override at 3.3.2 for the npm package.
2026-03-28 12:40:02 +08:00