yoinkkk/ExcaliDash
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

unify version numbering

Browse Source
This commit is contained in:
Zimeng Xiong
2025-11-23 08:53:36 -08:00
parent c502f1c0bd
commit eb5f54a6d0
6 changed files with 47 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files
RELEASE.md
+2 -2
View File
@@ -1,8 +1,8 @@
# ExcaliDash v0.1.3 # ExcaliDash v0.1.4
**Type:** Security Release **Type:** Security Release
**Date:** 2025-11-23 **Date:** 2025-11-23
**Compatibility:** v0.1.0 (Backward Compatible) **Compatibility:** v0.1.x (Backward Compatible)
## Security Fixes ## Security Fixes
VERSION
+1 -1
View File
@@ -1 +1 @@
0.1.3 0.1.4
backend/package.json
+1 -1
View File
@@ -1,6 +1,6 @@
{ {
"name": "backend", "name": "backend",
"version": "0.1.3", "version": "0.1.4",
"description": "", "description": "",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {
backend/src/securityTest.ts
+41 -34
View File
@@ -12,7 +12,7 @@ import {
sanitizeDrawingData, sanitizeDrawingData,
} from "./security"; } from "./security";
console.log("🧪 Starting Security Test Suite...\n"); console.log("Starting Security Test Suite...\n");
// Test 1: HTML/JS Sanitization // Test 1: HTML/JS Sanitization
console.log("Test 1: HTML/JS Sanitization"); console.log("Test 1: HTML/JS Sanitization");
@@ -25,12 +25,15 @@ const maliciousHtml = `
Normal text content Normal text content
`; `;
const sanitizedHtml = sanitizeHtml(maliciousHtml); const sanitizedHtml = sanitizeHtml(maliciousHtml);
console.log(" Original:", maliciousHtml.substring(0, 100) + "..."); console.log("PASS: Original:", maliciousHtml.substring(0, 100) + "...");
console.log(" Sanitized:", sanitizedHtml.substring(0, 100) + "..."); console.log("PASS: Sanitized:", sanitizedHtml.substring(0, 100) + "...");
console.log(" Script tags removed:", !sanitizedHtml.includes("<script>")); console.log("PASS: Script tags removed:", !sanitizedHtml.includes("<script>"));
console.log("✅ Event handlers removed:", !sanitizedHtml.includes("onerror="));
console.log( console.log(
"✅ Malicious URLs blocked:", "PASS: Event handlers removed:",
!sanitizedHtml.includes("onerror=")
);
console.log(
"PASS: Malicious URLs blocked:",
!sanitizedHtml.includes("javascript:") !sanitizedHtml.includes("javascript:")
); );
console.log(""); console.log("");
@@ -47,11 +50,11 @@ const maliciousSvg = `
</svg> </svg>
`; `;
const sanitizedSvg = sanitizeSvg(maliciousSvg); const sanitizedSvg = sanitizeSvg(maliciousSvg);
console.log(" Original:", maliciousSvg.substring(0, 100) + "..."); console.log("PASS: Original:", maliciousSvg.substring(0, 100) + "...");
console.log(" Sanitized:", sanitizedSvg.substring(0, 100) + "..."); console.log("PASS: Sanitized:", sanitizedSvg.substring(0, 100) + "...");
console.log(" SVG scripts removed:", !sanitizedSvg.includes("<script>")); console.log("PASS: SVG scripts removed:", !sanitizedSvg.includes("<script>"));
console.log( console.log(
" Malicious hrefs sanitized:", "PASS: Malicious hrefs sanitized:",
!sanitizedSvg.includes("javascript:") !sanitizedSvg.includes("javascript:")
); );
console.log(""); console.log("");
@@ -72,7 +75,9 @@ const maliciousUrls = [
maliciousUrls.forEach((url) => { maliciousUrls.forEach((url) => {
const sanitized = sanitizeUrl(url); const sanitized = sanitizeUrl(url);
const isSafe = sanitized !== ""; const isSafe = sanitized !== "";
console.log(`✅ "${url}" -> "${sanitized}" (${isSafe ? "SAFE" : "BLOCKED"})`); console.log(
`PASS: "${url}" -> "${sanitized}" (${isSafe ? "SAFE" : "BLOCKED"})`
);
}); });
console.log(""); console.log("");
@@ -81,14 +86,14 @@ console.log("Test 4: Text Sanitization with Length Limits");
const longText = "A".repeat(2000); const longText = "A".repeat(2000);
const sanitizedLongText = sanitizeText(longText, 500); const sanitizedLongText = sanitizeText(longText, 500);
console.log( console.log(
` Long text truncated: ${longText.length} -> ${sanitizedLongText.length} chars` `PASS: Long text truncated: ${longText.length} -> ${sanitizedLongText.length} chars`
); );
const maliciousText = "<script>alert('XSS')</script>Normal text"; const maliciousText = "<script>alert('XSS')</script>Normal text";
const sanitizedText = sanitizeText(maliciousText); const sanitizedText = sanitizeText(maliciousText);
console.log(` Text sanitized: "${maliciousText}" -> "${sanitizedText}"`); console.log(`PASS: Text sanitized: "${maliciousText}" -> "${sanitizedText}"`);
console.log( console.log(
" Malicious content removed:", "PASS: Malicious content removed:",
!sanitizedText.includes("<script>") !sanitizedText.includes("<script>")
); );
console.log(""); console.log("");
@@ -131,20 +136,20 @@ const maliciousDrawing = {
console.log("Testing malicious drawing validation..."); console.log("Testing malicious drawing validation...");
const isValidDrawing = validateImportedDrawing(maliciousDrawing); const isValidDrawing = validateImportedDrawing(maliciousDrawing);
console.log(` Malicious drawing rejected: ${!isValidDrawing}`); console.log(`PASS: Malicious drawing rejected: ${!isValidDrawing}`);
try { try {
const sanitizedDrawing = sanitizeDrawingData(maliciousDrawing); const sanitizedDrawing = sanitizeDrawingData(maliciousDrawing);
console.log(" Sanitization successful"); console.log("PASS: Sanitization successful");
console.log(` Text sanitized: ${sanitizedDrawing.elements[0].text}`); console.log(`PASS: Text sanitized: ${sanitizedDrawing.elements[0].text}`);
console.log( console.log(
` Link sanitized: ${sanitizedDrawing.elements[1].link || "null"}` `PASS: Link sanitized: ${sanitizedDrawing.elements[1].link || "null"}`
); );
console.log( console.log(
` SVG sanitized: ${!sanitizedDrawing.preview?.includes("<script>")}` `PASS: SVG sanitized: ${!sanitizedDrawing.preview?.includes("<script>")}`
); );
} catch (error) { } catch (error) {
console.log(" Sanitization failed as expected:", error.message); console.log("PASS: Sanitization failed as expected:", error.message);
} }
console.log(""); console.log("");
@@ -185,26 +190,28 @@ const legitimateDrawing = {
}; };
const isValidLegitimate = validateImportedDrawing(legitimateDrawing); const isValidLegitimate = validateImportedDrawing(legitimateDrawing);
console.log(` Legitimate drawing accepted: ${isValidLegitimate}`); console.log(`PASS: Legitimate drawing accepted: ${isValidLegitimate}`);
try { try {
const sanitizedLegitimate = sanitizeDrawingData(legitimateDrawing); const sanitizedLegitimate = sanitizeDrawingData(legitimateDrawing);
console.log(" Legitimate drawing sanitization successful"); console.log("PASS: Legitimate drawing sanitization successful");
console.log(`✅ Text preserved: "${sanitizedLegitimate.elements[0].text}"`);
console.log( console.log(
`✅ Safe URL preserved: "${sanitizedLegitimate.elements[1].link}"` `PASS: Text preserved: "${sanitizedLegitimate.elements[0].text}"`
);
console.log(
`PASS: Safe URL preserved: "${sanitizedLegitimate.elements[1].link}"`
); );
} catch (error) { } catch (error) {
console.log(" Legitimate drawing should not fail:", error.message); console.log("FAIL: Legitimate drawing should not fail:", error.message);
} }
console.log(""); console.log("");
console.log("🎉 Security Test Suite Completed!"); console.log("Completed! Security Test Suite Completed!");
console.log("\n📊 Test Summary:"); console.log("\nSummary: Test Summary:");
console.log(" HTML/JS injection prevention - WORKING"); console.log("PASS: HTML/JS injection prevention - WORKING");
console.log(" SVG malicious content blocking - WORKING"); console.log("PASS: SVG malicious content blocking - WORKING");
console.log(" URL scheme validation - WORKING"); console.log("PASS: URL scheme validation - WORKING");
console.log(" Text sanitization with limits - WORKING"); console.log("PASS: Text sanitization with limits - WORKING");
console.log(" Malicious drawing rejection - WORKING"); console.log("PASS: Malicious drawing rejection - WORKING");
console.log(" Legitimate content preservation - WORKING"); console.log("PASS: Legitimate content preservation - WORKING");
console.log("\n🔒 XSS Prevention: IMPLEMENTED & FUNCTIONAL"); console.log("\nSecurity: XSS Prevention: IMPLEMENTED & FUNCTIONAL");
frontend/package.json
+1 -1
View File
@@ -1,7 +1,7 @@
{ {
"name": "frontend", "name": "frontend",
"private": true, "private": true,
"version": "0.1.3", "version": "0.1.4",
"type": "module", "type": "module",
"scripts": { "scripts": {
"dev": "vite", "dev": "vite",
frontend/src/pages/Settings.tsx
+1 -1
View File
@@ -214,7 +214,7 @@ export const Settings: React.FC = () => {
<div className="text-center"> <div className="text-center">
<h3 className="text-xl font-bold text-slate-900 dark:text-white mb-1">Version Info</h3> <h3 className="text-xl font-bold text-slate-900 dark:text-white mb-1">Version Info</h3>
<div className="text-sm text-slate-500 dark:text-neutral-400 font-medium flex flex-col items-center gap-1"> <div className="text-sm text-slate-500 dark:text-neutral-400 font-medium flex flex-col items-center gap-1">
<span className="font-mono text-base text-slate-900 dark:text-white"> <span className="text-base text-slate-900 dark:text-white">
{appVersion} {appVersion}
</span> </span>
{buildLabel && ( {buildLabel && (