@emilia-protocol/fire-drill 0.3.0 → 0.3.1

package/index.js

@@ -211,7 +211,13 @@ export function badgeSvg({ eg1, score, label = 'agent action firewall' } = {}) {
   const lw = segWidth(label);
   const mw = segWidth(message);
   const w = lw + mw;
-  const esc = (s) => String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+  // Escape ALL XML-significant chars — including quotes — because `label`/`message`
+  // are interpolated into a double-quoted SVG attribute (aria-label). Missing the
+  // quote escape allowed attribute breakout / event-handler injection when the SVG
+  // is served as image/svg+xml from a public route.
+  const esc = (s) => String(s)
+    .replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
   return `<svg xmlns="http://www.w3.org/2000/svg" width="${w}" height="20" role="img" aria-label="${esc(label)}: ${esc(message)}">`
     + `<linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient>`
     + `<rect rx="3" width="${w}" height="20" fill="#555"/>`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@emilia-protocol/fire-drill",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "description": "The Agent Action Firewall Test. Scan any MCP server manifest, OpenAPI spec, or tool list for dangerous actions an AI agent can take without an accountable human receipt — money movement, data destruction, production deploy, permission change, bulk export, regulated override. Reports an Agent Action Firewall score, the failing operations, the fix (EMILIA Gate), and EG-1 pass/fail. Static, zero-dependency, CI-friendly.",
   "license": "Apache-2.0",
   "type": "module",