pax/booru-viewer
1
0
Fork 0
Code Issues Releases 18 Activity
booru-viewer/booru_viewer/gui
History
pax b8cb47badb security: fix #6 — escape source via build_source_html in InfoPanel 
Replaces the inline f-string concatenation of post.source into the
RichText document with a call through build_source_html(), which
escapes both the href value and the visible display text.

Also escapes the filetype field for defense-in-depth — the value
comes from a parsed URL suffix (effectively booru-controlled) and
the previous code interpolated it raw.

Removes the dead duplicate setText() call that wrote a plain-text
version before being overwritten by the RichText version on the
next line.

Audit-Ref: SECURITY_AUDIT.md finding #6
Severity: Medium
2026-04-11 16:19:17 -05:00
..
media
security: fix #2 — wire hardened mpv options into _MpvGLWidget
2026-04-11 16:07:33 -05:00
popout
fix popout menu flash on wrong monitor and preview unsave button
2026-04-10 22:10:27 -05:00
__init__.py
Initial release — booru image viewer with Qt6 GUI and Textual TUI
2026-04-04 06:00:50 -05:00
_source_html.py
security: fix #6 — add pure source HTML escape helper
2026-04-11 16:19:06 -05:00
app_runtime.py
UI overhaul: icon buttons, video controls, popout anchor, layout flip, compact top bar
2026-04-10 19:58:11 -05:00
async_signals.py
signals: add categories_updated carrying a Post
2026-04-09 19:16:16 -05:00
bookmarks.py
bookmarks: await save_post_file (now async) via run_on_app_loop
2026-04-09 19:21:57 -05:00
context_menus.py
refactor: extract ContextMenuHandler from main_window.py
2026-04-10 15:15:21 -05:00
dialogs.py
Initial release — booru image viewer with Qt6 GUI and Textual TUI
2026-04-04 06:00:50 -05:00
grid.py
rubber band from cell padding with 30px drag threshold
2026-04-10 20:54:37 -05:00
info_panel.py
security: fix #6 — escape source via build_source_html in InfoPanel
2026-04-11 16:19:17 -05:00
library.py
library: fix thumbnail lookup for templated filenames
2026-04-09 23:04:02 -05:00
log_handler.py
Move LogHandler from app.py to log_handler.py (no behavior change)
2026-04-08 14:35:58 -05:00
main_window.py
skip media reload when clicking already-selected post
2026-04-10 20:10:04 -05:00
media_controller.py
fix: move PySide6 imports to lazy in controllers for CI compat
2026-04-10 15:39:50 -05:00
popout_controller.py
UI overhaul: icon buttons, video controls, popout anchor, layout flip, compact top bar
2026-04-10 19:58:11 -05:00
post_actions.py
add B/S keybinds to popout, refactor toggle_save
2026-04-10 18:32:57 -05:00
preview_pane.py
fix popout menu flash on wrong monitor and preview unsave button
2026-04-10 22:10:27 -05:00
privacy.py
refactor: extract PopoutController from main_window.py
2026-04-10 15:03:42 -05:00
search_controller.py
fix: move PySide6 imports to lazy in controllers for CI compat
2026-04-10 15:39:50 -05:00
search_state.py
Move SearchState from app.py to search_state.py (no behavior change)
2026-04-08 14:32:46 -05:00
search.py
add search history setting
2026-04-10 16:28:43 -05:00
settings.py
UI overhaul: icon buttons, video controls, popout anchor, layout flip, compact top bar
2026-04-10 19:58:11 -05:00
sites.py
Route async work through one persistent loop, lock shared httpx + DB writes
2026-04-07 17:24:23 -05:00
window_state.py
fix: move PySide6 imports to lazy in controllers for CI compat
2026-04-10 15:39:50 -05:00