public/code-crispies
2
1
Fork 0
Code Issues Pull Requests Actions Activity
Files
743060f71b3ed534621a0af2267571e618dd5b43
code-crispies/src
History
Michael Czechowski 743060f71b fix(security): sandbox preview iframes to prevent XSS 
Add sandbox='allow-scripts' to all preview iframes. This isolates
user-executed code from the parent page's localStorage (auth tokens),
cookies, and DOM. Switch from document.write() to srcdoc attribute
since sandboxed iframes can't use document.write().

Addresses SEC-1 (critical) from security audit.
2026-03-28 16:38:56 +01:00
..
config
feat: add Markdown learning module with 8 beginner lessons
2026-01-25 11:27:07 +01:00
helpers
chore: temporarily disable Tailwind CSS section
2026-01-25 15:40:53 +01:00
impl
fix(security): sandbox preview iframes to prevent XSS
2026-03-28 16:38:56 +01:00
app.js
chore: temporarily disable Tailwind CSS section
2026-01-25 15:40:53 +01:00
auth.js
feat: add lesson difficulty indicators and improve mobile sidebar
2026-01-16 21:47:47 +01:00
i18n.js
feat: add Markdown learning module with 8 beginner lessons
2026-01-25 11:27:07 +01:00
index.html
chore: temporarily disable Tailwind CSS section
2026-01-25 15:40:53 +01:00
main.css
test: add 182 new tests for router, sections, renderer, and validator
2026-03-28 16:14:52 +01:00
supabase.js
fix: use same button position/style for playground back button
2026-01-16 14:58:25 +01:00