[WEB-7887] fix(security): prevent stored XSS via SVG attachment served inline (GHSA-ch8j-vr4r-qf6h)#9312

Open

mguptahub wants to merge 2 commits into

web-7887/svg-attachment-xss

Commits on Jun 25, 2026

[WEB-7887] fix(security): prevent stored XSS via SVG attachment served inline (GHSA-ch8j-vr4r-qf6h)

mguptahub
and
Plane AI
committed
[WEB-7887] fix: normalize MIME type before SCRIPT_CAPABLE_MIME_TYPES check

mguptahub
and
Plane AI
committed