c07db0b7460c738724d1b8ab6b9c561b7f2ec6e6
79%

Ran 05 May 2026 10:05AM UTC

Jobs 1

Files 474

Run time 1min

Badge

Embed ▾

Committed 05 May 2026 09:52AM UTC coverage: 79.271% (+0.03%) from 79.245%

Build # c07db0b7460c738724d1b8ab6b9c561b7f2ec6e6

Build Type

push

github

Committed by

web-flow

Commit Message

Prevent XSS in Monaco editor completions by escaping HTML (#3417)

* fix(security): escape completion names to prevent script injection XSS

PRODSEC-42

Completion names (from sources, endpoints, and alerts) were embedded
into a <script> block via Jason.encode!/1 with raw(), leaving sequences
like </script> unescaped. Switch to escape: :html_safe so <, >, /, &,
and = are unicode-escaped in the JSON output, neutralising any
script-breaking payload before it reaches the browser.

Adds a regression test that asserts </script> in a source name is
unicode-escaped and cannot break out of the script block.

https://claude.ai/code/session_013Fn6xnMTBQCf8P9ddUNLQE

* chore: fix string delimiter

* chore: fix failing test

Coverage Stats

1 of 1 new or added line in 1 file covered. (100.0%)

3 existing lines in 2 files now uncovered.

12291 of 15505 relevant lines covered (79.27%)

4886.81 hits per line

Coverage Regressions

Lines	Coverage	∆	File
2	86.02	-2.15%	lib/logflare/backends/buffer_producer.ex
1	30.77	-3.85%	lib/logflare/sources/source/text_notification_server.ex

Jobs

ID	Job ID	Ran	Files	Coverage
1	c07db0b7460c738724d1b8ab6b9c561b7f2ec6e6.1	05 May 2026 10:05AM UTC	474	79.27	GitHub Action Run

Logflare / logflare / c07db0b7460c738724d1b8ab6b9c561b7f2ec6e6
79%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Coverage Regressions

Jobs

Source Files on build c07db0b7460c738724d1b8ab6b9c561b7f2ec6e6

Logflare / logflare / c07db0b7460c738724d1b8ab6b9c561b7f2ec6e6 79%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Coverage Regressions

Jobs

Source Files on build c07db0b7460c738724d1b8ab6b9c561b7f2ec6e6

Logflare / logflare / c07db0b7460c738724d1b8ab6b9c561b7f2ec6e6
79%

README BADGES
x