From eb5f54a6d01a38ca5f8c6863eac1c250df06fb68 Mon Sep 17 00:00:00 2001
From: Zimeng Xiong <zxzimeng@gmail.com>
Date: Sun, 23 Nov 2025 08:53:36 -0800
Subject: [PATCH] unify version numbering

---
 RELEASE.md                      |  4 +-
 VERSION                         |  2 +-
 backend/package.json            |  2 +-
 backend/src/securityTest.ts     | 75 ++++++++++++++++++---------------
 frontend/package.json           |  2 +-
 frontend/src/pages/Settings.tsx |  2 +-
 6 files changed, 47 insertions(+), 40 deletions(-)

diff --git a/RELEASE.md b/RELEASE.md
index 9d1d4c0..a082234 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -1,8 +1,8 @@
-# ExcaliDash v0.1.3
+# ExcaliDash v0.1.4
 
 **Type:** Security Release  
 **Date:** 2025-11-23  
-**Compatibility:** v0.1.0 (Backward Compatible)
+**Compatibility:** v0.1.x (Backward Compatible)
 
 ## Security Fixes
 
diff --git a/VERSION b/VERSION
index 7693c96..446ba66 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.1.3
\ No newline at end of file
+0.1.4
\ No newline at end of file
diff --git a/backend/package.json b/backend/package.json
index 56d0af9..81043ed 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "backend",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "",
   "main": "index.js",
   "scripts": {
diff --git a/backend/src/securityTest.ts b/backend/src/securityTest.ts
index 8748aeb..311a008 100644
--- a/backend/src/securityTest.ts
+++ b/backend/src/securityTest.ts
@@ -12,7 +12,7 @@ import {
   sanitizeDrawingData,
 } from "./security";
 
-console.log("🧪 Starting Security Test Suite...\n");
+console.log("Starting Security Test Suite...\n");
 
 // Test 1: HTML/JS Sanitization
 console.log("Test 1: HTML/JS Sanitization");
@@ -25,12 +25,15 @@ const maliciousHtml = `
   Normal text content
 `;
 const sanitizedHtml = sanitizeHtml(maliciousHtml);
-console.log("✅ Original:", maliciousHtml.substring(0, 100) + "...");
-console.log("✅ Sanitized:", sanitizedHtml.substring(0, 100) + "...");
-console.log("✅ Script tags removed:", !sanitizedHtml.includes("<script>"));
-console.log("✅ Event handlers removed:", !sanitizedHtml.includes("onerror="));
+console.log("PASS: Original:", maliciousHtml.substring(0, 100) + "...");
+console.log("PASS: Sanitized:", sanitizedHtml.substring(0, 100) + "...");
+console.log("PASS: Script tags removed:", !sanitizedHtml.includes("<script>"));
 console.log(
-  "✅ Malicious URLs blocked:",
+  "PASS: Event handlers removed:",
+  !sanitizedHtml.includes("onerror=")
+);
+console.log(
+  "PASS: Malicious URLs blocked:",
   !sanitizedHtml.includes("javascript:")
 );
 console.log("");
@@ -47,11 +50,11 @@ const maliciousSvg = `
   </svg>
 `;
 const sanitizedSvg = sanitizeSvg(maliciousSvg);
-console.log("✅ Original:", maliciousSvg.substring(0, 100) + "...");
-console.log("✅ Sanitized:", sanitizedSvg.substring(0, 100) + "...");
-console.log("✅ SVG scripts removed:", !sanitizedSvg.includes("<script>"));
+console.log("PASS: Original:", maliciousSvg.substring(0, 100) + "...");
+console.log("PASS: Sanitized:", sanitizedSvg.substring(0, 100) + "...");
+console.log("PASS: SVG scripts removed:", !sanitizedSvg.includes("<script>"));
 console.log(
-  "✅ Malicious hrefs sanitized:",
+  "PASS: Malicious hrefs sanitized:",
   !sanitizedSvg.includes("javascript:")
 );
 console.log("");
@@ -72,7 +75,9 @@ const maliciousUrls = [
 maliciousUrls.forEach((url) => {
   const sanitized = sanitizeUrl(url);
   const isSafe = sanitized !== "";
-  console.log(`✅ "${url}" -> "${sanitized}" (${isSafe ? "SAFE" : "BLOCKED"})`);
+  console.log(
+    `PASS: "${url}" -> "${sanitized}" (${isSafe ? "SAFE" : "BLOCKED"})`
+  );
 });
 console.log("");
 
@@ -81,14 +86,14 @@ console.log("Test 4: Text Sanitization with Length Limits");
 const longText = "A".repeat(2000);
 const sanitizedLongText = sanitizeText(longText, 500);
 console.log(
-  `✅ Long text truncated: ${longText.length} -> ${sanitizedLongText.length} chars`
+  `PASS: Long text truncated: ${longText.length} -> ${sanitizedLongText.length} chars`
 );
 
 const maliciousText = "<script>alert('XSS')</script>Normal text";
 const sanitizedText = sanitizeText(maliciousText);
-console.log(`✅ Text sanitized: "${maliciousText}" -> "${sanitizedText}"`);
+console.log(`PASS: Text sanitized: "${maliciousText}" -> "${sanitizedText}"`);
 console.log(
-  "✅ Malicious content removed:",
+  "PASS: Malicious content removed:",
   !sanitizedText.includes("<script>")
 );
 console.log("");
@@ -131,20 +136,20 @@ const maliciousDrawing = {
 
 console.log("Testing malicious drawing validation...");
 const isValidDrawing = validateImportedDrawing(maliciousDrawing);
-console.log(`✅ Malicious drawing rejected: ${!isValidDrawing}`);
+console.log(`PASS: Malicious drawing rejected: ${!isValidDrawing}`);
 
 try {
   const sanitizedDrawing = sanitizeDrawingData(maliciousDrawing);
-  console.log("✅ Sanitization successful");
-  console.log(`✅ Text sanitized: ${sanitizedDrawing.elements[0].text}`);
+  console.log("PASS: Sanitization successful");
+  console.log(`PASS: Text sanitized: ${sanitizedDrawing.elements[0].text}`);
   console.log(
-    `✅ Link sanitized: ${sanitizedDrawing.elements[1].link || "null"}`
+    `PASS: Link sanitized: ${sanitizedDrawing.elements[1].link || "null"}`
   );
   console.log(
-    `✅ SVG sanitized: ${!sanitizedDrawing.preview?.includes("<script>")}`
+    `PASS: SVG sanitized: ${!sanitizedDrawing.preview?.includes("<script>")}`
   );
 } catch (error) {
-  console.log("✅ Sanitization failed as expected:", error.message);
+  console.log("PASS: Sanitization failed as expected:", error.message);
 }
 console.log("");
 
@@ -185,26 +190,28 @@ const legitimateDrawing = {
 };
 
 const isValidLegitimate = validateImportedDrawing(legitimateDrawing);
-console.log(`✅ Legitimate drawing accepted: ${isValidLegitimate}`);
+console.log(`PASS: Legitimate drawing accepted: ${isValidLegitimate}`);
 
 try {
   const sanitizedLegitimate = sanitizeDrawingData(legitimateDrawing);
-  console.log("✅ Legitimate drawing sanitization successful");
-  console.log(`✅ Text preserved: "${sanitizedLegitimate.elements[0].text}"`);
+  console.log("PASS: Legitimate drawing sanitization successful");
   console.log(
-    `✅ Safe URL preserved: "${sanitizedLegitimate.elements[1].link}"`
+    `PASS: Text preserved: "${sanitizedLegitimate.elements[0].text}"`
+  );
+  console.log(
+    `PASS: Safe URL preserved: "${sanitizedLegitimate.elements[1].link}"`
   );
 } catch (error) {
-  console.log("❌ Legitimate drawing should not fail:", error.message);
+  console.log("FAIL: Legitimate drawing should not fail:", error.message);
 }
 console.log("");
 
-console.log("🎉 Security Test Suite Completed!");
-console.log("\n📊 Test Summary:");
-console.log("✅ HTML/JS injection prevention - WORKING");
-console.log("✅ SVG malicious content blocking - WORKING");
-console.log("✅ URL scheme validation - WORKING");
-console.log("✅ Text sanitization with limits - WORKING");
-console.log("✅ Malicious drawing rejection - WORKING");
-console.log("✅ Legitimate content preservation - WORKING");
-console.log("\n🔒 XSS Prevention: IMPLEMENTED & FUNCTIONAL");
+console.log("Completed! Security Test Suite Completed!");
+console.log("\nSummary: Test Summary:");
+console.log("PASS: HTML/JS injection prevention - WORKING");
+console.log("PASS: SVG malicious content blocking - WORKING");
+console.log("PASS: URL scheme validation - WORKING");
+console.log("PASS: Text sanitization with limits - WORKING");
+console.log("PASS: Malicious drawing rejection - WORKING");
+console.log("PASS: Legitimate content preservation - WORKING");
+console.log("\nSecurity: XSS Prevention: IMPLEMENTED & FUNCTIONAL");
diff --git a/frontend/package.json b/frontend/package.json
index 17772c4..dcc838e 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,7 +1,7 @@
 {
   "name": "frontend",
   "private": true,
-  "version": "0.1.3",
+  "version": "0.1.4",
   "type": "module",
   "scripts": {
     "dev": "vite",
diff --git a/frontend/src/pages/Settings.tsx b/frontend/src/pages/Settings.tsx
index d405890..7b62582 100644
--- a/frontend/src/pages/Settings.tsx
+++ b/frontend/src/pages/Settings.tsx
@@ -214,7 +214,7 @@ export const Settings: React.FC = () => {
                     <div className="text-center">
                         <h3 className="text-xl font-bold text-slate-900 dark:text-white mb-1">Version Info</h3>
                         <div className="text-sm text-slate-500 dark:text-neutral-400 font-medium flex flex-col items-center gap-1">
-                            <span className="font-mono text-base text-slate-900 dark:text-white">
+                            <span className="text-base text-slate-900 dark:text-white">
                                 {appVersion}
                             </span>
                             {buildLabel && (