MAESTRO: Add DOMPurify XSS defense-in-depth to TerminalPreview (closes PR #896)

Browse Source

PR #896 identified a valid XSS concern in TerminalPreview.tsx but was
broken (missing DOMPurify import and dependency). The existing
escapeXML:true on AnsiToHtml already mitigates the vector, but
DOMPurify adds defense-in-depth sanitization.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

...

This commit is contained in:

Alex Newman

2026-02-05 18:14:46 -05:00

parent e6af8d207a

commit d0b4c7ee59

5 changed files with 27 additions and 14 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

plugin/scripts/worker-service.cjs

+1 -1

File diff suppressed because one or more lines are too long