aevgarik/paperclip
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add sanitization for SVG uploads and enhance security headers for asset responses

Browse Source 
- Introduced SVG sanitization using `dompurify` to prevent malicious content.
- Updated tests to validate SVG sanitization with various scenarios.
- Enhanced response headers for assets, adding CSP and nosniff for SVGs.
- Adjusted UI to better clarify supported file types for logo uploads.
- Updated dependencies to include `jsdom` and `dompurify`.
This commit is contained in:
JonCSykes
2026-03-06 17:18:43 -05:00
parent 1448b55ca4
commit a4702e48f9
6 changed files with 569 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ui/src/pages/CompanySettings.tsx
View File

@@ -278,12 +278,12 @@ export function CompanySettings() {
<div className="flex-1 space-y-3">
<Field
label="Logo"
hint="Upload a logo image to replace the generated icon. Maximum size: 100 KB."
hint="Upload a PNG, JPEG, WEBP, GIF, or SVG logo image. Maximum size: 100 KB."
>
<div className="space-y-2">
<input
type="file"
accept="image/*,image/svg+xml"
accept="image/png,image/jpeg,image/webp,image/gif,image/svg+xml"
onChange={handleLogoFileChange}
className="w-full rounded-md border border-border bg-transparent px-2.5 py-1.5 text-sm outline-none file:mr-4 file:rounded-md file:border-0 file:bg-muted file:px-2.5 file:py-1 file:text-xs"
/>