stack

mosaic/stack

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jason Woltje	6d92251fc1	fix(SEC-WEB-27+28): Robust email validation + role cast validation All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details SEC-WEB-27: Replace weak email.includes('@') check with RFC 5322-aligned programmatic validation (isValidEmail). Uses character-level domain label validation to avoid ReDoS vulnerabilities from complex regex patterns. SEC-WEB-28: Replace unsafe 'as WorkspaceMemberRole' type casts with runtime validation (toWorkspaceMemberRole) that checks against known enum values and falls back to MEMBER for invalid inputs. Applied in both InviteMember.tsx and MemberList.tsx. Adds 43 tests covering validation logic, InviteMember component, and MemberList component behavior. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-06 15:40:05 -06:00

Author

SHA1

Message

Date

Jason Woltje

6d92251fc1

fix(SEC-WEB-27+28): Robust email validation + role cast validation

ci/woodpecker/push/woodpecker Pipeline was successful

Details

SEC-WEB-27: Replace weak email.includes('@') check with RFC 5322-aligned
programmatic validation (isValidEmail). Uses character-level domain label
validation to avoid ReDoS vulnerabilities from complex regex patterns.

SEC-WEB-28: Replace unsafe 'as WorkspaceMemberRole' type casts with
runtime validation (toWorkspaceMemberRole) that checks against known enum
values and falls back to MEMBER for invalid inputs. Applied in both
InviteMember.tsx and MemberList.tsx.

Adds 43 tests covering validation logic, InviteMember component, and
MemberList component behavior.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-06 15:40:05 -06:00

1 Commits