mbproxy: close out the dashboard code-review minor findings

Resolves the remaining Minor items from the 2026-05-15 review so the web-UI dashboard work has no open follow-ups: a real-HubConnection end-to-end test for the SignalR feed, stable mbproxy.admin.broadcast.* log-event names, keyboard/aria accessibility on the fleet table, frontend JS hardening (URL-decode guard, NaN guards, shared util.js), reconciler<->capture-registry coverage, throwing-sink and embedded-asset tests, broadcaster polish, and a soft upper bound on AdminPushIntervalMs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 16:36:39 -04:00
parent 374eecd205
commit 0308490aef
21 changed files with 576 additions and 67 deletions
@@ -0,0 +1,20 @@
+/* ============================================================================
+   Shared helpers for the admin dashboard pages. Loaded before dashboard.js /
+   detail.js; each page's IIFE pulls these off window.mbproxyUtil so the HTML-
+   escaping logic has exactly one definition.
+   ========================================================================= */
+'use strict';
+
+(function () {
+  /** Escapes the three HTML-significant characters for safe text-node insertion. */
+  function escapeHtml(s) {
+    return String(s).replace(/[&<>]/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;' }[c]));
+  }
+
+  /** Escapes a value for use inside a double-quoted HTML attribute. */
+  function escapeAttr(s) {
+    return escapeHtml(s).replace(/"/g, '&quot;');
+  }
+
+  window.mbproxyUtil = { escapeHtml, escapeAttr };
+})();