
Implement XSS mitigations for report and dataload names

Open • Rello opened this issue 1 month ago • 0 comments

Summary

  • add a SECURITY_REVIEW describing stored XSS vectors in dataset status and dataload views with mitigation recommendations
  • escape rendered report and dataload names and sanitize stored names when creating, updating, copying, or importing reports and dataloads
  • update the changelog to record the new security fixes and review documentation

Testing

  • Not run (not requested)

Codex Task

Rello, Dec 19 '25 08:12