Merged
CRITICAL FIXES:
- Remove debug console logs from Editor.svelte, providers.ts, service-worker.js
- Implement proper PBKDF2 key derivation in crypto/e2e.ts (100k iterations, SHA-256)
- Remove non-functional passkey button from landing page
- Fix XSS vulnerability in export (sanitize HTML before export)
HIGH PRIORITY FIXES:
- Add proper form labels with aria-label for accessibility
- Add sr-only class for screen readers
- Remove unused imports (Button, Card) from dashboard
Security improvements:
- Proper key derivation prevents brute force attacks
- Removed debug logs prevent info leaks in production
Note: Some callers of deriveKeyFromPassword still need to be updated to use await since the function is now async.

- Properly remove all debug console.log statements from Editor.svelte
- Fix multiline console.log removal that was breaking syntax
- Update deriveKeyFromPassword callers to use await:
  - note/[id]/+page.svelte: handlePasswordSubmit
  - notes.svelte.ts: protectNote function
- Remove passkey button from landing page
- Add accessibility labels to form inputs
Build now passes successfully with 0 errors.

XSS Protection:
- Add sanitizeHTML function to escape HTML special characters
- Use sanitized title in export (prevents XSS in exported files)
Editor Menu Fixes:
- Replace CSS hover-based dropdowns with click-to-toggle menus
- Add openMenu state to track which menu is open
- Click outside or select menu item now closes dropdown
- Menus now work properly on mobile and desktop
Both fixes improve security and usability.
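
The title escaping described in the last commit message, as an added example that is not code from this pull request. The names `escapeHtml`, `exportNoteUnsafe`, `exportNote`, the `note.title` / `note.text` fields and the sample note are assumptions constructed for illustration.

```javascript
// Added example: all names here are hypothetical, not the PR's own code.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape the five characters that can change HTML parsing in text and
// quoted-attribute contexts. One regex pass means "&" in the replacement
// entities is never escaped a second time.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the title is interpolated raw, so markup inside it becomes
// part of the exported document.
function exportNoteUnsafe(note) {
  return `<!DOCTYPE html><html><head><title>${note.title}</title></head>` +
    `<body><h1>${note.title}</h1><pre>${escapeHtml(note.text)}</pre></body></html>`;
}

// "After": every untrusted field is escaped at the point of interpolation.
function exportNote(note) {
  const title = escapeHtml(note.title);
  return `<!DOCTYPE html><html><head><meta charset="utf-8"><title>${title}</title></head>` +
    `<body><h1>${title}</h1><pre>${escapeHtml(note.text)}</pre></body></html>`;
}

// Constructed sample: a title that tries to close <title> and add an element.
const sampleNote = {
  title: 'Q3 plan</title><img src=x onerror="alert(1)">',
  text: 'Budget < forecast & "on track"',
};
```

Escaping of this kind suits plain-text fields such as a title; it renders any markup in the field as literal text.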
No description provided.