mirror of
https://github.com/multica-ai/multica.git
synced 2026-07-05 21:39:54 +02:00
* fix: sanitize markdown rendering in comments and shared renderers Add rehype-sanitize to both ReadonlyContent and Markdown components so that raw HTML parsed by rehype-raw is sanitized against a strict allowlist before reaching the DOM. On the backend, add a bluemonday sanitization pass when creating and updating comments to strip dangerous tags as defense-in-depth. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: add mention:// protocol to sanitize allowlist and validate file card URLs - Add mention:// to rehype-sanitize protocols.href in both ReadonlyContent and Markdown so @mention links survive sanitization - Validate data-href on file cards to only allow http(s) URLs, blocking javascript: and data: schemes in both frontend click handler and backend bluemonday policy - Narrow class attribute allowlist to specific elements (code, div, span, pre) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
module github.com/multica-ai/multica/server
go 1.26.1
require (
github.com/aws/aws-sdk-go-v2 v1.41.5
github.com/aws/aws-sdk-go-v2/config v1.32.13
github.com/aws/aws-sdk-go-v2/credentials v1.19.13
github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.5
github.com/go-chi/chi/v5 v5.2.5
github.com/go-chi/cors v1.2.2
github.com/golang-jwt/jwt/v5 v5.3.1
github.com/gorilla/websocket v1.5.3
github.com/jackc/pgx/v5 v5.8.0
github.com/lmittmann/tint v1.1.3
github.com/resend/resend-go/v2 v2.28.0
github.com/spf13/cobra v1.10.2
)
require (
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.21 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21 // indirect
github.com/aws/aws-sdk-go-v2/service/signin v1.0.9 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.30.14 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.18 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.41.10 // indirect
github.com/aws/smithy-go v1.24.2 // indirect
github.com/aymerick/douceur v0.2.0 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/gorilla/css v1.0.1 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
github.com/jackc/puddle/v2 v2.2.2 // indirect
// NOTE(review): listed as indirect, yet the commit message shown with this
// file describes a server-side bluemonday pass on comment create/update. If
// the server imports the package directly, `go mod tidy` should move it into
// the direct require block so the sanitizer's version is pinned on purpose
// and shows up in dependency review.
github.com/microcosm-cc/bluemonday v1.0.27 // indirect
github.com/spf13/pflag v1.0.9 // indirect
// NOTE(review): presumably pulled in by bluemonday for its HTML tokenizer and
// parser (confirm with `go mod why golang.org/x/net`). This version is
// noticeably older than the x/sync and x/text pins below, and later x/net
// releases carry security fixes to x/net/html. Because sanitizer output
// depends on that parser, run govulncheck and raise the minimum if flagged.
golang.org/x/net v0.26.0 // indirect
golang.org/x/sync v0.20.0 // indirect
golang.org/x/text v0.35.0 // indirect
)