egutierrez aab4f12fc4 fix(0128): XSS scheme allowlist + drop dead fileID ...

review findings:
- MessageBody: only http(s) and relative paths allowed for links;
  data:image/* allowed for inline images. Rejects javascript:,
  data:text/html, vbscript: which would execute via <a href>.
  Unsafe matches fall back to plain text.
- files.go: remove unused fileID var generated then discarded.

2026-05-27 11:04:20 +02:00

..

e2e

feat(kanban): bocadillo agente + PDF descargable en reporte diario (issue 0094)

2026-05-14 18:08:09 +02:00

src

fix(0128): XSS scheme allowlist + drop dead fileID

2026-05-27 11:04:20 +02:00

index.html

chore: sync from fn-registry agent

2026-05-06 19:04:45 +02:00

package.json

feat(kanban): requester input empty + keyboard nav (issue 0088)

2026-05-14 12:57:00 +02:00

playwright.config.ts

feat(kanban): requester input empty + keyboard nav (issue 0088)

2026-05-14 12:57:00 +02:00

pnpm-lock.yaml

feat(kanban): requester input empty + keyboard nav (issue 0088)

2026-05-14 12:57:00 +02:00

postcss.config.cjs

chore: sync from fn-registry agent

2026-05-06 19:04:45 +02:00

tsconfig.json

feat(kanban): deadlines en cards (context menu, badges, calendario, history)

2026-05-09 03:45:36 +02:00

vite.config.ts

fix(chat): vite proxy ws + e2e tests para chat WebSocket

2026-05-09 15:00:38 +02:00

vitest.config.ts

feat(kanban): requester input empty + keyboard nav (issue 0088)

2026-05-14 12:57:00 +02:00