Merge commit from fork

* Security: prevent XSS with storage path template rendering * Security: prevent XSS svg uploads * Security: force attachment disposition for logo * Add suggestions from code review * Improve SVG validation with allowlist for tags and attributes
2025-08-28 01:26:14 +00:00 · 2025-08-16 07:34:00 -07:00
parent 42bdbc1b2d
commit b1c406680f
9 changed files with 179 additions and 10 deletions
--- a/src-ui/src/app/components/manage/storage-path-list/storage-path-list.component.ts
+++ b/src-ui/src/app/components/manage/storage-path-list/storage-path-list.component.ts
@@ -48,10 +48,10 @@ export class StoragePathListComponent extends ManagementListComponent<StoragePat
      {
        key: 'path',
        name: $localize`Path`,
-        rendersHtml: true,
        hideOnMobile: true,
+        monospace: true,
        valueFn: (c: StoragePath) => {
-          return `<code>${c.path?.slice(0, 49)}${c.path?.length > 50 ? '...' : ''}</code>`
+          return `${c.path?.slice(0, 49)}${c.path?.length > 50 ? '...' : ''}`
        },
      },
    ]