| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | fix(security): sanitize badge_wall_css server-side, render via textContent | Fuwn | 18 hours | 1 | -1/+2 |
| | | | | | | | | | | | | | | | | | Custom badge-wall CSS was sanitised only client-side with a fragile regex and injected via innerHTML, while the stored value stayed raw. Sanitise at the write boundary instead (setCSS, covering both the REST and GraphQL paths) with a css-tree pass that parses leniently and drops @import, behavior/-moz-binding, expression()/javascript: values, and </style> break-out attempts; render with textContent instead of innerHTML so break-out is impossible by construction (CSP already blocks inline script). css-tree stays server-only. A behaviour-gate test confirms ordinary CSS (backdrop-filter, content, url(), @media, @keyframes) is preserved while the dangerous constructs are removed. The previous regex also silently stripped all `content:` declarations; those now render correctly. | ||||
| * | fix(notifications): support per-device push subscriptions | Fuwn | 2026-03-28 | 1 | -3/+38 |
| | | |||||
| * | fix(preferences): preserve partial preference updates | Fuwn | 2026-03-28 | 1 | -44/+26 |
| | | |||||
| * | refactor(supabase): move app access to service role | Fuwn | 2026-03-27 | 7 | -8/+8 |
| | | |||||
| * | chore(format): normalise user badges store formatting | Fuwn | 2026-03-01 | 1 | -12/+10 |
| | | |||||
| * | chore(biome): drop formatter style overrides | Fuwn | 2026-03-01 | 7 | -332/+428 |
| | | |||||
| * | chore(biome): re-enable noImplicitAnyLet rule | Fuwn | 2026-03-01 | 1 | -1/+2 |
| | | |||||
| * | refactor(lib): Migrate simple components to Svelte 5 runes syntax | Fuwn | 2026-01-23 | 1 | -1/+1 |
| | | |||||
| * | refactor(Database:User): Align Badge interface with database schema | Fuwn | 2026-01-23 | 1 | -5/+16 |
| | | |||||
| * | feat(graphql): paged badges query | Fuwn | 2024-10-18 | 1 | -2/+13 |
| | | |||||
| * | chore(prettier): use spaces instead of tabs | Fuwn | 2024-10-09 | 7 | -218/+218 |
| | | |||||
| * | feat(badges): move badge operations to graphql | Fuwn | 2024-10-06 | 1 | -76/+72 |
| | | |||||
| * | feat(notifications): fingerprint for multiple grants | Fuwn | 2024-08-24 | 1 | -4/+10 |
| | | |||||
| * | refactor(Data): rename database references | Fuwn | 2024-08-24 | 7 | -0/+465 |