Corrigir 5 vulnerabilidades XSS no frontend

Sanitizar valores dinâmicos com escapeHtml em pontos que estavam
sem proteção: tags no modal de agente, campo model no card,
mensagens de toast, prompt do modal e expressão cron nos agendamentos.
Frederico Castro
2026-02-28 12:22:19 -03:00
parent b9681b6746
commit 2e14223dd4
4 changed files with 5 additions and 5 deletions


@@ -119,7 +119,7 @@ const AgentsUI = {
<div class="agent-meta">
<span class="agent-meta-item">
<i data-lucide="cpu"></i>
${model}
${Utils.escapeHtml(model)}
</span>
<span class="agent-meta-item">
<i data-lucide="clock"></i>
@@ -241,7 +241,7 @@ const AgentsUI = {
const tagsChips = document.getElementById('agent-tags-chips');
if (tagsChips) {
tagsChips.innerHTML = tags.map((t) =>
`<span class="tag-chip">${t}<button type="button" data-tag="${t}" class="tag-remove" aria-label="Remover tag ${t}">×</button></span>`
`<span class="tag-chip">${Utils.escapeHtml(t)}<button type="button" data-tag="${Utils.escapeHtml(t)}" class="tag-remove" aria-label="Remover tag ${Utils.escapeHtml(t)}">×</button></span>`
).join('');
}