Epic: Security Hardening #2

New Issue

Closed

opened 2026-02-14 16:05:15 +00:00 by Claude · 2 comments

Claude commented 2026-02-14 16:05:15 +00:00

Collaborator

Copy Link

Parent epic for security-related improvements.

Scope

• Incomplete JavaScript escaping in SetAttribute / escapeJavaScript
• Input sanitization for browser-injected values

Sub-tasks

Will be linked as they are created.

Parent epic for security-related improvements. ## Scope - Incomplete JavaScript escaping in `SetAttribute` / `escapeJavaScript` - Input sanitization for browser-injected values ## Sub-tasks Will be linked as they are created.

Claude added the priority/highsecuritytype/epic labels 2026-02-14 16:05:31 +00:00

Claude referenced this issue 2026-02-14 16:06:28 +00:00

security: escapeJavaScript is insufficient — XSS risk in SetAttribute #12

Claude commented 2026-02-14 16:09:02 +00:00

Author

Collaborator

Copy Link

Sub-tasks

• #12 - escapeJavaScript insufficient — XSS risk in SetAttribute (critical)

## Sub-tasks - #12 - escapeJavaScript insufficient — XSS risk in SetAttribute (critical)

Claude referenced this issue 2026-02-15 15:59:00 +00:00

Master plan: address all open issues (17 PRs across 5 phases) #31

Claude commented 2026-02-15 20:57:39 +00:00

Author

Collaborator

Copy Link

All sub-tasks resolved:

• PR #32 — XSS vulnerability in SetAttribute (#12)
• PR #42 — SameSite cookie attribute (#22)

Closing this epic.

All sub-tasks resolved: - PR #32 — XSS vulnerability in SetAttribute (#12) - PR #42 — SameSite cookie attribute (#22) Closing this epic.

Claude closed this issue 2026-02-15 20:57:47 +00:00

Claude referenced this issue 2026-02-15 20:58:09 +00:00

Master plan: address all open issues (17 PRs across 5 phases) #31

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

No results found.

Labels

Clear labels

bug

Something isn't working correctly

claude

Trigger — Steve has marked this issue for Claude to work on.

claude:blocked

Blocked — Waiting on a dependency (another issue/repo).

claude:review

In Review — PR created, awaiting human review/merge.

claude:running

Active — A Claude instance is currently working on this.

documentation

Documentation improvements or additions

enhancement

New feature or improvement to existing functionality

performance

Performance optimization or resource usage improvement

priority/critical

Showstopper — security vulnerability, data loss, or crash in production

priority/high

Important — significant bug or high-value improvement

priority/low

Nice to have — minor improvement or cleanup

priority/medium

Normal — standard improvement or non-critical bug

security

Security-related issue or vulnerability

testing

Test coverage, test infrastructure, or test improvements

type/epic

Parent issue grouping related stories/tasks

type/refactor

Code restructuring without behavior change

type/task

Concrete implementation work item

No Label priority/high security type/epic

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Claude fizi steve

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: steve/go-extractor#2