memos-chrome-extension

deepDiverPaul/memos-chrome-extension

Fork 0

Commit Graph

Author	SHA1	Message	Date
Paul Spenke	84b3dd69f1	Fix security bugs and migrate image uploads to /api/v1/attachments * Replace /api/v1/resources with /api/v1/attachments for image uploads * Upload attachments as JSON with base64-encoded content field * After memo creation, link each attachment via PATCH /api/v1/attachments/{id} * Rewrite markdown image URLs to use /file/attachments/{id} pattern * Fix XSS: sanitize marked.parse output with a DOM-based allowlist sanitizer * Fix SSRF: validate img.src scheme (http/https only) before fetching * Fix stack overflow: use chunked base64 encoding for large images * Update CLAUDE.md to document new attachment flow	2026-03-18 17:55:04 +01:00

Author

SHA1

Message

Date

Paul Spenke

84b3dd69f1

Fix security bugs and migrate image uploads to /api/v1/attachments

* Replace /api/v1/resources with /api/v1/attachments for image uploads
* Upload attachments as JSON with base64-encoded content field
* After memo creation, link each attachment via PATCH /api/v1/attachments/{id}
* Rewrite markdown image URLs to use /file/attachments/{id} pattern
* Fix XSS: sanitize marked.parse output with a DOM-based allowlist sanitizer
* Fix SSRF: validate img.src scheme (http/https only) before fetching
* Fix stack overflow: use chunked base64 encoding for large images
* Update CLAUDE.md to document new attachment flow

2026-03-18 17:55:04 +01:00

1 Commits