chore(release): set APP_VERSION to v1.9.9 [skip ci]

release(v1.9.9): fix(branding): sanitize custom logo URL
2025-11-17 02:31:19 +00:00 · 2025-11-16 21:31:08 -05:00
3 changed files with 21 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Changelog

+## Changes 11/16/2025 (v1.9.9)
+
+release(v1.9.9): fix(branding): sanitize custom logo URL preview
+
+- Sanitize branding.customLogoUrl on the server before writing siteConfig.json
+- Allow only http/https or site-relative paths; strip invalid/sneaky values
+- Update adminPanel.js live logo preview to set img src/alt safely
+- Addresses CodeQL XSS warning while keeping Pro branding logo overrides working
+
+---
+
 ## Changes 11/16/2025 (v1.9.8)

 release(v1.9.8): feat(pro): wire core to Pro licensing + branding hooks
--- a/public/js/adminPanel.js
+++ b/public/js/adminPanel.js
@@ -85,7 +85,15 @@ function updateHeaderLogoFromAdmin() {
      url = '/' + url;
    }

-    if (url) {
+    // ---- Sanitize URL (mirror AdminModel::sanitizeLogoUrl) ----
+    const isHttp = /^https?:\/\//i.test(url);
+    const isSiteRelative = url.startsWith('/') && !url.includes('://');
+
+    // Strip any CR/LF just in case
+    url = url.replace(/[\r\n]+/g, '');
+
+    if (url && (isHttp || isSiteRelative)) {
+      // safe enough for <img src="...">
      logoImg.setAttribute('src', url);
      logoImg.setAttribute('alt', 'Site logo');
    } else {
--- a/public/js/version.js
+++ b/public/js/version.js
@@ -1,2 +1,2 @@
 // generated by CI
-window.APP_VERSION = 'v1.9.8';
+window.APP_VERSION = 'v1.9.9';
Author	SHA1	Message	Date
github-actions[bot]	5613710411	chore(release): set APP_VERSION to v1.9.9 [skip ci]	2025-11-17 02:31:19 +00:00
Ryan	08f7ffccbc	release(v1.9.9): fix(branding): sanitize custom logo URL	2025-11-16 21:31:08 -05:00