This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Test User f8ea417799 fix(GRO-642): sanitize logo MIME type to prevent XSS in data URL rendering ...

Add ALLOWED_LOGO_TYPES allowlist check before constructing data URL from
user-controlled logoBase64 and logoMimeType fields. Only MIME types that
the API explicitly accepts (image/png, image/jpeg, image/gif, image/webp,
image/svg+xml) can be rendered as data URLs.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-17 06:45:14 +00:00

..

e2e

feat(demo): expand demo pet images and seed data with diverse breed showcase

2026-04-02 12:15:21 +00:00

public

feat(GRO-395): expand demo pet image library with 23 additional unique dog images

2026-04-11 03:20:04 +00:00

src

fix(GRO-642): sanitize logo MIME type to prevent XSS in data URL rendering

2026-04-17 06:45:14 +00:00

.env.production

fix(web): set VITE_API_URL= empty for production builds

2026-03-29 10:24:21 +00:00

.eslintignore

feat(portal): replace mock data with real session-driven API calls (#152)

2026-03-29 07:08:35 +00:00

Dockerfile

feat(GRO-631): add Docker HEALTHCHECK and update .dockerignore

2026-04-14 15:47:06 +00:00

eslint.config.js

feat(portal): replace mock data with real session-driven API calls (#152)

2026-03-29 07:08:35 +00:00

index.html

Bootstrap monorepo: Hono API, React PWA, Drizzle DB, CI/CD

2026-03-17 16:11:04 +00:00

nginx.conf

feat(GRO-631): add security headers to nginx.conf

2026-04-14 16:10:04 +00:00

package.json

feat(GRO-607): Stripe Elements payment UI replacing mock flow

2026-04-14 08:27:03 +00:00

tsconfig.json

feat(portal): replace mock data with real session-driven API calls (#152)

2026-03-29 07:08:35 +00:00

vite.config.ts

fix(GRO-563): stabilize OAuth login - upgrade better-auth, fix service worker, add 503 handling

2026-04-11 20:35:10 +00:00

vitest.config.ts

fix(vitest): exclude node_modules and type tests from test discovery

2026-03-31 21:43:06 +00:00