sgh-navbar 0.1.3 → 0.1.4
- package/README.md +24 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -679,8 +679,31 @@ npm publish
|
|
|
679
679
|
| 19 | 0.0.54 | Angular 19 support, Major fixes and improvements |
|
|
680
680
|
| 19 | 0.0.57 | Enhanced layout behavior, responsive design improvements |
|
|
681
681
|
| 19 | 0.0.58 | **Modern Toolbar Redesign** - Complete UI overhaul with glassmorphism, accessibility, and performance improvements |
|
|
682
|
+
| 19 | 0.1.4 | **Security Hardening** - Comprehensive security fixes including XSS prevention, input validation, and type safety |
|
|
682
683
|
|
|
683
|
-
### Latest Changes (v0.
|
|
684
|
+
### Latest Changes (v0.1.4) - Security Hardening
|
|
685
|
+
|
|
686
|
+
#### **Critical Security Fixes**
|
|
687
|
+
- **XSS Prevention**: Implemented `DomSanitizer` with `SecurityContext.HTML` for all dynamic HTML content rendering
|
|
688
|
+
- **Theme Validation**: Added strict theme whitelist to prevent CSS injection attacks via malicious theme values
|
|
689
|
+
- **URL Validation**: Image sources are now validated against a whitelist of allowed protocols (`http:`, `https:`, `data:`)
|
|
690
|
+
|
|
691
|
+
#### **Input Validation**
|
|
692
|
+
- **Dialog Data Validation**: Sub-client dialog now validates all input data with proper type checking
|
|
693
|
+
- **Null Safety**: Added comprehensive null checks throughout components to prevent runtime errors
|
|
694
|
+
- **Type-Safe Interfaces**: Replaced `any` types with proper TypeScript interfaces for better compile-time safety
|
|
695
|
+
|
|
696
|
+
#### **Code Quality Improvements**
|
|
697
|
+
- **Strict Equality**: Changed all loose equality checks (`==`) to strict equality (`===`)
|
|
698
|
+
- **Development Logging**: Console statements wrapped in `ngDevMode` checks for production builds
|
|
699
|
+
- **Input Sanitization**: All user-provided data is sanitized before rendering or processing
|
|
700
|
+
|
|
701
|
+
#### **Security Best Practices**
|
|
702
|
+
- Implemented defense-in-depth strategy with multiple validation layers
|
|
703
|
+
- Added proper error handling for malformed input data
|
|
704
|
+
- Enhanced type safety to catch potential issues at compile time
|
|
705
|
+
|
|
706
|
+
### Previous Changes (v0.0.58) - Modern Toolbar Redesign
|
|
684
707
|
|
|
685
708
|
#### **Complete Toolbar Overhaul**
|
|
686
709
|
- ✅ **Modern UI Design**: Complete redesign with glassmorphism and modern aesthetics
|
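Review bot: The "Critical Security Fixes" and "Input Validation" bullets added at new lines 686-699 describe code behaviour (`DomSanitizer` with `SecurityContext.HTML`, a theme whitelist, protocol checks on image sources), but the file list for 0.1.3 → 0.1.4 shows only package/README.md and package/package.json changed, so nothing in this release diff backs them. State which published version introduced the code, or move the section under that version, so a consumer upgrading from 0.1.3 does not assume this release changes runtime behaviour. In the URL Validation bullet (new line 689), `data:` is allowed without qualification; the README should say whether the check restricts it to image media types (for example a `data:image/` prefix) or accepts any `data:` URL. The version table also jumps from 0.0.58 to 0.1.4 with no rows for the intervening 0.1.x releases.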
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "sgh-navbar",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.4",
|
|
4
4
|
"description": "A modern, responsive Angular navigation library with sidebar, toolbar, themes, notifications, and client management. Features glassmorphism design, accessibility support, and dark mode.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"angular",
|