
Fix dashboard XSS and silent error handling #40

Merged
CalebisGross merged 1 commit into main from fix/dashboard-xss-and-error-handling
Mar 10, 2026

@CalebisGross
Collaborator

Summary

Closes #4, closes #5

Test plan

  • Open dashboard, verify episodes/patterns/abstractions render correctly
  • Hover graph nodes — tooltip should display escaped content
  • Click a graph node — detail panel meta and connections should render safely
  • Stop the mnemonic server, reload dashboard — verify error toasts appear for failed loads
  • Check browser console for logged errors instead of silent swallowing

🤖 Generated with Claude Code

Sanitize all innerHTML insertions that used raw server data without
escapeHtml() — episode/pattern/abstraction badges, graph tooltips,
detail panel meta, and connection labels.

Replace empty catch blocks with console.error logging and user-visible
toast notifications where appropriate.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@CalebisGross CalebisGross merged commit 57004da into main Mar 10, 2026
3 checks passed
@CalebisGross CalebisGross deleted the fix/dashboard-xss-and-error-handling branch March 10, 2026 14:07
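
The two changes the commit message describes, as an added example that is not the project's code: server data escaped before it reaches `innerHTML`, and an empty catch block replaced with logging plus a toast. The body of `escapeHtml`, the helpers `renderBadge`, `reportLoadError` and `loadSection`, and the sample record are assumptions made for illustration.

```javascript
// Added illustration; escapeHtml's body, the helper names and the sample
// record are assumptions, not code from the repository.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  // Coerce first so null, undefined and numbers from the API cannot throw.
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: server data is concatenated straight into markup meant for innerHTML.
function renderBadgeUnsafe(item) {
  return '<span class="badge" title="' + item.source + '">' + item.label + '</span>';
}

// After: every server-supplied field is escaped, in text and attribute position.
function renderBadge(item) {
  return '<span class="badge" title="' + escapeHtml(item.source) + '">' +
         escapeHtml(item.label) + '</span>';
}

// Before: `try { ... } catch (e) {}` hides a stopped server from the user.
// After: log the cause for developers and surface a toast.
function reportLoadError(section, err, showToast) {
  console.error('Failed to load ' + section + ':', err);
  const message = 'Could not load ' + section;
  showToast(message); // plain text; the toast renderer must not treat it as HTML
  return message;
}

async function loadSection(section, fetchItems, showToast) {
  try {
    return (await fetchItems()).map(renderBadge);
  } catch (err) {
    reportLoadError(section, err, showToast);
    return []; // safe fallback so the rest of the dashboard still renders
  }
}

// Constructed sample record carrying markup in both a text and an attribute field.
const SAMPLE = { label: '<img src=x onerror=alert(1)>', source: '" onmouseover="alert(2)' };
```

Escaping covers the attribute value only because the template quotes it; an unquoted attribute would still break out on a space.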

Development

Successfully merging this pull request may close these issues.

  • Empty catch blocks silently swallow errors in dashboard
  • Dashboard chat panel uses innerHTML without consistent sanitization (XSS)