code-dot-org icon indicating copy to clipboard operation
code-dot-org copied to clipboard

verified publisher icon code-dot-org

Metadata

The code powering code.org and studio.code.org

Results 992 code-dot-org issues
Sort by recently updated
recently updated
newest added

[DO NOT MERGE - Discussion Only] Ai chat google gemini models

6 comment

Hi All, I'm offering this PR for discussion/demo only. This PR modifies the first level of AI Chat so at minimum that would need to be removed but there are...

edcodedotorg avatar edcodedotorg

Fixing Files API Content-Distribution CRLF sandbox escape vulnerability

Fixes a sandbox bypass where an attacker can inject CRLF (`\r\n`) characters into the `Content-Disposition` header via a malicious file name. This allows user-supplied HTML to render directly within `studio.code.org`,...

unlox775-code-dot-org avatar unlox775-code-dot-org

bug-fix
security

WebLab (Files API): Server-side reject bad chars in filename

This PR closes the remaining portion of a security issue originally identified in [BC-72](https://codedotorg.atlassian.net/browse/BC-72), and follows up on the fix implemented in https://github.com/code-dot-org/code-dot-org/pull/66032. The prior fix ensured that dangerous characters...

unlox775-code-dot-org avatar unlox775-code-dot-org

chore(deps-dev): bump webpack-dev-server from 5.0.2 to 5.2.1 in /apps

1 comment

Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 5.0.2 to 5.2.1. Release notes Sourced from webpack-dev-server's releases. v5.2.1 5.2.1 (2025-03-26) Security cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header requests with an IP...

dependabot[bot] avatar dependabot[bot]

dependencies
npm
minor

saving progress

## Links - Jira: ## Testing story ## Deployment strategy ## Follow-up work ## Privacy ## Security ## Caching ## PR Checklist: - [ ] Tests provide adequate coverage -...

mgc1194 avatar mgc1194

Replace older version history buttons with Design System buttons.

1 comment

This change updates the buttons in the Version History modal to use buttons from the Design System Component Library, which better matches the styling in other parts of the site:...

bryanbraun avatar bryanbraun

Use Ruby 3.1 in drone ci

## Links - Jira: ## Testing story ## Deployment strategy ## Follow-up work ## Privacy ## Security ## Caching ## PR Checklist: - [ ] Tests provide adequate coverage -...

Hamms avatar Hamms

Fix Violations of and Reenable `Naming/HeredocDelimiterNaming`

> Checks that your heredocs are using meaningful delimiters. By default it disallows ‘END` and `EO*`, and can be configured through forbidden listing additional delimiters. I updated these manually; most...

Hamms avatar Hamms

code-hygiene

cache node_modules in ci tests

## Links - Jira: ## Testing story ## Deployment strategy ## Follow-up work ## Privacy ## Security ## Caching ## PR Checklist: - [ ] Tests provide adequate coverage -...

Hamms avatar Hamms

chore(react): upgrade to 19

1 comment

## Links - Jira: ## Testing story ## Deployment strategy ## Follow-up work ## Privacy ## Security ## Caching ## PR Checklist: - [ ] Tests provide adequate coverage -...

stephenliang avatar stephenliang

Metadata

816
Stars
479
Forks
Watchers

Owner

verified publisher icon code-dot-org

Metadata

The code powering code.org and studio.code.org

Back