fix(kon): security audit fixes — CSP, XSS, unwraps, key rename
Security fixes from code audit:
- CSP re-enabled in tauri.conf.json with strict directives
(was null — critical vulnerability)
- XSS fix in viewer highlightText(): HTML entities escaped before
inserting <mark> tags via {@html}
- Removed 3 unwrap() calls in rule_based.rs British English conversion
— replaced with safe let-else guards
- Removed unwrap() on main window lookup in lib.rs setup — now uses
if-let for graceful handling
- Wrapped JSON.parse in DictationPage transcription-result listener
with try/catch
Rebrand cleanup:
- Renamed all localStorage keys from ramble_* to kon_* across
7 files (stores, viewer, float, history)
12 tests passing, clippy clean.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -34,15 +34,17 @@ pub fn run() {
|
||||
}
|
||||
|
||||
// Close-to-tray: hide window instead of exiting
|
||||
let main_window = app.get_webview_window("main").unwrap();
|
||||
let win = main_window.clone();
|
||||
main_window.on_window_event(move |event| {
|
||||
if let tauri::WindowEvent::CloseRequested { api, .. } = event
|
||||
{
|
||||
api.prevent_close();
|
||||
let _ = win.hide();
|
||||
}
|
||||
});
|
||||
if let Some(main_window) = app.get_webview_window("main") {
|
||||
let win = main_window.clone();
|
||||
main_window.on_window_event(move |event| {
|
||||
if let tauri::WindowEvent::CloseRequested { api, .. } =
|
||||
event
|
||||
{
|
||||
api.prevent_close();
|
||||
let _ = win.hide();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
Ok(())
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user