timepulse

chris/timepulse

Fork 0

Commit Graph

Author	SHA1	Message	Date
chris	a8b1c68d97	feat: fix double punch, XSS, add log filtering and Easter egg - Fix duplicate clock-in: server-side BEGIN IMMEDIATE transaction + client-side punchInFlight guard - Fix accumulating event listeners: switch persistent containers to onclick property assignment - Remove insecure JWT_SECRET fallback; server refuses to start without it set - Add escapeHtml and apply it throughout all innerHTML template literals (XSS prevention) - Fix calendar iframe URL injection by assigning iframe.src directly - Add status validation on time-off status update endpoint - Add date range filtering to admin logs tab and employee time log - Replace Konami code Easter egg with 7-tap logo trigger (works on all devices) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-28 16:42:34 -04:00
chris	efc29f199a	update message timeout	2025-08-09 20:42:54 -04:00
chris	8e1622fad0	off load js and css	2025-08-08 20:36:21 -04:00

Author

SHA1

Message

Date

chris

a8b1c68d97

feat: fix double punch, XSS, add log filtering and Easter egg

- Fix duplicate clock-in: server-side BEGIN IMMEDIATE transaction + client-side punchInFlight guard
- Fix accumulating event listeners: switch persistent containers to onclick property assignment
- Remove insecure JWT_SECRET fallback; server refuses to start without it set
- Add escapeHtml and apply it throughout all innerHTML template literals (XSS prevention)
- Fix calendar iframe URL injection by assigning iframe.src directly
- Add status validation on time-off status update endpoint
- Add date range filtering to admin logs tab and employee time log
- Replace Konami code Easter egg with 7-tap logo trigger (works on all devices)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-28 16:42:34 -04:00

chris

efc29f199a

update message timeout

2025-08-09 20:42:54 -04:00

chris

8e1622fad0

off load js and css

2025-08-08 20:36:21 -04:00

3 Commits