🛡️ Sentinel: [CRITICAL] Fix Reflected XSS vulnerability

[LebToki]

🚨 Severity: CRITICAL
💡 Vulnerability: Reflected Cross-Site Scripting (XSS) via </script> tag injection. The $projectPath variable was embedded in JavaScript using addslashes(), which escapes quotes but fails to encode HTML tags, allowing script context breakout.
🎯 Impact: Attackers could execute arbitrary JavaScript in the user's session if they provide a crafted ?project= URL parameter.
🔧 Fix: Replaced addslashes with json_encode using the strictest hex flags (JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) to safely pass the PHP string into the JS engine.
✅ Verification: Ran php tests/SecurityTest.php to ensure no test regressions. Checked the journal entry is correctly appended.

---

PR created automatically by Jules for task 9130189002445258067 started by @LebToki

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[codemaker-ai-app]

Hello from @codemakerai.

CodeMaker AI GitHub App integration.

Usage:

@codemakerai [command or prompt]

Assistant

All Assistant features are supported in GitHub. Assistant can answer general questions as well as questions directly
related to code. It also has code editing capabilities.

@codemakerai assistant prompt - the assistant prompt
@codemakerai prompt - the assistant prompt. Alias to assistant command.

Commands

Pull Request Commands - commands that can be posted as comments on the pull request:

@codemakerai help - prints this help message
@codemakerai review process - process the most recent code review and all it's comments
@codemakerai generate code [codepath] - generate code for all files in pull request, or only for matching code path.
@codemakerai generate docs [codepath] - generate documentation for all files in pull request, or only for matching code path.
@codemakerai replace code [codepath] - replace code for all files in pull request, or only for matching code path.
@codemakerai replace docs [codepath] - replace documentation for all files in pull request, or only for matching code path.
@codemakerai fix syntax - fixes the syntax in all files
@codemakerai commit undo - removes the most recent commit

Pull Request Code Review Commands - commands that can be posted as comments on the code review i.e. "Files changed" tab:

@codemakerai assistant prompt - the assistant prompt
@codemakerai explain - explains the code
@codemakerai review - reviews the code

Triggers

To automatically trigger certain actions on pull requests you can create and use the following GitHub labels.

codemakerai-pull-request-generate-documentation - automatically generates comments/documentation on Pull Request creation.
codemakerai-pull-request-syntax-autocorrection - automatically corrects syntax on Pull Request creation.
codemakerai-pull-request-review-process - automatically processes code review comments on Pull Request Review submission.

For in depth explanation of the features, please consult https://docs.codemaker.ai

In case of any issues please report them to https://community.codemaker.ai