🔒 SECURITY: Added XSS protection, security headers, and audit documentation

This commit is contained in:
EP
2025-08-21 20:44:08 -07:00
parent 73d8e888dc
commit dcfb1b33dd
6 changed files with 354 additions and 1 deletions
+31
@@ -1394,6 +1394,37 @@ document.addEventListener('DOMContentLoaded', () => {
}
});
// Security utility functions
function sanitizeHTML(text) {
if (typeof text !== 'string') return '';
// Create a temporary div to escape HTML
const div = document.createElement('div');
div.textContent = text;
return div.innerHTML;
}
function safeInnerHTML(element, content) {
if (!element) return;
// For simple text content, use textContent instead
if (typeof content === 'string' && !content.includes('<')) {
element.textContent = content;
return;
}
// For HTML content, sanitize user inputs
if (typeof content === 'string') {
// This is a simplified sanitizer - in production, use a library like DOMPurify
const sanitized = content
.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '')
.replace(/<iframe\b[^<]*(?:(?!<\/iframe>)<[^<]*)*<\/iframe>/gi, '')
.replace(/javascript:/gi, '')
.replace(/on\w+\s*=/gi, '');
element.innerHTML = sanitized;
}
}
// Production-Ready Features
let userPreferences = JSON.parse(localStorage.getItem('userPreferences') || '{}');
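Review bot: The blacklist regexes in safeInnerHTML (the `.replace` chain under the `typeof content === 'string'` branch) are bypassable with a single nested payload, because each pattern runs once and the remainder recombines: `<scr<script></script>ipt>` yields `<script>` and `oonerror=nerror=` yields `onerror=`, while `java&#115;cript:` never matches the `javascript:` check and `<object>`, `<embed>`, `<svg>`, `<form>`, `<meta>` and `<style>` are not touched at all. Since the comment already concedes this is not production-grade, I would replace the regex chain with an allow-list walk over a document parsed by DOMParser, which is inert (no scripts run during parsing) and decodes entities before the href check, keeping only the tags and attributes the app actually renders; the sketch below shows the shape and the allow-lists should be tuned to the markup the callers pass. Note that the `includes('<')` shortcut on the line above also means any user-supplied string containing a literal `<` is treated as markup rather than text, so callers that only ever display text should call `sanitizeHTML` or set `textContent` directly. The hunk appears to continue past the last visible line (`let userPreferences`), so trailing context was not reviewed.
```javascript
// … unchanged: sanitizeHTML …
// Tags/attributes permitted in rich content; extend deliberately, never with script-capable ones.
const SAFE_TAGS = new Set(['b', 'i', 'em', 'strong', 'p', 'br', 'span', 'ul', 'ol', 'li', 'a']);
const SAFE_ATTRS = new Set(['href', 'title', 'class']);
const SAFE_HREF = /^(https?:|mailto:|\/|#)/i;

function safeInnerHTML(element, content) {
  if (!element || typeof content !== 'string') return;
  if (!content.includes('<')) {
    element.textContent = content;
    return;
  }
  // Parse in an inert document (no script execution), then keep only allow-listed nodes.
  const doc = new DOMParser().parseFromString(content, 'text/html');
  const scrub = (node) => {
    for (const child of [...node.childNodes]) {
      if (child.nodeType === Node.TEXT_NODE) continue;
      if (child.nodeType !== Node.ELEMENT_NODE || !SAFE_TAGS.has(child.localName)) {
        child.remove();
        continue;
      }
      for (const { name } of [...child.attributes]) {
        // getAttribute returns the entity-decoded value, so encoded schemes are caught here.
        const value = child.getAttribute(name).trim();
        const badHref = name === 'href' && !SAFE_HREF.test(value);
        if (!SAFE_ATTRS.has(name) || badHref) child.removeAttribute(name);
      }
      scrub(child);
    }
  };
  scrub(doc.body);
  element.textContent = '';
  element.append(...doc.body.childNodes);
}
```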