Commits · bf6fe5e9626c2f32ef5d12cc86003f5c9585c1fd · 陈曦 / sub2api

02 Mar, 2026 2 commits

fix: custom menu security hardening and code quality improvements · bf6fe5e9

erio authored Mar 03, 2026



- Add admin menu permission check in CustomPageView (visibility + role)
- Sanitize SVG content with DOMPurify before v-html rendering (XSS prevention)
- Decouple router.go from dto package using anonymous struct
- Consolidate duplicate parseCustomMenuItems into dto.ParseCustomMenuItems
- Enhance menu item validation (count, length, ID uniqueness limits)
- Add audit logging for purchase_subscription and custom_menu_items changes
- Update API contract test to include custom_menu_items field
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

bf6fe5e9

feat: custom menu pages with iframe embedding and CSP injection · 067810fa

erio authored Mar 02, 2026



Add configurable custom menu items that appear in sidebar, each rendering
an iframe-embedded external page. Includes shared URL builder with
src_host/src_url tracking, CSP frame-src multi-origin deduplication,
admin settings UI, and i18n support.

chore: bump version to 0.1.87.19
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

067810fa

28 Feb, 2026 2 commits
- refactor(purchase): use URL/searchParams only for purchase query merge · fcc77d13
  erio authored Mar 01, 2026
  
  fcc77d13
- feat(frontend): append purchase query params and make integration doc bilingual · 2e88e230
  erio authored Mar 01, 2026
  
  2e88e230
02 Feb, 2026 1 commit
- merge upstream main · 0170d19f
  song authored Feb 02, 2026
  
  0170d19f
28 Jan, 2026 1 commit

feat(purchase): 增加购买订阅 iframe 页面与配置 · 04a509d4

ducky authored Jan 28, 2026

- 新增 /purchase 页面（iframe + 新窗口兜底）

- 管理员系统设置可配置开关与URL

- 非 simple mode 才在侧边栏展示入口

04a509d4