memos-chrome-extension

deepDiverPaul/memos-chrome-extension

Fork 0

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Paul Spenke	ff14061dfd	Replace `marked.min.js` with the `marked` npm package and update all references accordingly.	2026-03-19 12:28:14 +01:00
Paul Spenke	4355fa78fa	update attachent upload	2026-03-18 19:33:09 +01:00
Paul Spenke	84b3dd69f1	Fix security bugs and migrate image uploads to /api/v1/attachments * Replace /api/v1/resources with /api/v1/attachments for image uploads * Upload attachments as JSON with base64-encoded content field * After memo creation, link each attachment via PATCH /api/v1/attachments/{id} * Rewrite markdown image URLs to use /file/attachments/{id} pattern * Fix XSS: sanitize marked.parse output with a DOM-based allowlist sanitizer * Fix SSRF: validate img.src scheme (http/https only) before fetching * Fix stack overflow: use chunked base64 encoding for large images * Update CLAUDE.md to document new attachment flow	2026-03-18 17:55:04 +01:00

Paul Spenke

ff14061dfd

Replace marked.min.js with the marked npm package and update all references accordingly.

2026-03-19 12:28:14 +01:00

Paul Spenke

4355fa78fa

update attachent upload

2026-03-18 19:33:09 +01:00

Paul Spenke

84b3dd69f1

Fix security bugs and migrate image uploads to /api/v1/attachments

* Replace /api/v1/resources with /api/v1/attachments for image uploads
* Upload attachments as JSON with base64-encoded content field
* After memo creation, link each attachment via PATCH /api/v1/attachments/{id}
* Rewrite markdown image URLs to use /file/attachments/{id} pattern
* Fix XSS: sanitize marked.parse output with a DOM-based allowlist sanitizer
* Fix SSRF: validate img.src scheme (http/https only) before fetching
* Fix stack overflow: use chunked base64 encoding for large images
* Update CLAUDE.md to document new attachment flow

2026-03-18 17:55:04 +01:00

3 Commits