Conversation

@abiteman (Contributor) commented Jul 1, 2025

Add a "Notes" entry option to transactions to allow users to add additional context and details. Fixes #41

@abiteman (Contributor, Author) commented Jul 1, 2025

bugbot run

@abiteman abiteman self-assigned this Jul 1, 2025
@abiteman abiteman requested a review from gitmotion July 1, 2025 03:01
@cursor cursor bot left a comment

Bug: XSS via DOM Injection

XSS vulnerability: The notes field content is directly inserted into the DOM without HTML escaping, allowing user-provided malicious HTML or JavaScript to be executed when transactions are displayed.

public/script.js#L361-L362

DumbBudget/public/script.js

Lines 361 to 362 in f683c91

<div class="description">${transaction.description}</div>
${transaction.notes ? `<div class="notes">${transaction.notes}</div>` : ''}


@abiteman abiteman merged commit d44543b into main Jul 1, 2025
1 check passed
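
The pattern flagged in the bot's report above, next to an output-encoded version, as an added example that is not part of this PR or of DumbBudget's code. The function names (`escapeHtml`, `renderTransactionUnsafe`, `renderTransactionSafe`) and the sample record are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not taken from public/script.js.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML parsing context.
// null/undefined become an empty string; other values are stringified first.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The flagged pattern: user-controlled fields interpolated straight into markup.
function renderTransactionUnsafe(transaction) {
  return `<div class="description">${transaction.description}</div>` +
    (transaction.notes ? `<div class="notes">${transaction.notes}</div>` : '');
}

// Same markup, with every user-controlled field encoded before interpolation.
function renderTransactionSafe(transaction) {
  return `<div class="description">${escapeHtml(transaction.description)}</div>` +
    (transaction.notes ? `<div class="notes">${escapeHtml(transaction.notes)}</div>` : '');
}

// Constructed sample record (not real data): notes that contain markup.
const sample = {
  description: 'Coffee & bagel',
  notes: '<img src=x onerror="alert(1)">receipt #12',
};

// Returns both renderings so the difference can be compared or asserted on.
function demo() {
  return {
    unsafe: renderTransactionUnsafe(sample),
    safe: renderTransactionSafe(sample),
  };
}

console.log(demo().safe);
```

Building the elements with `document.createElement` and assigning the field values through `textContent` avoids HTML parsing of user input altogether and is an alternative to escaping inside a template string.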
Development

Successfully merging this pull request may close these issues.

Add Invoice Number or Receipt Number as an expense input.

4 participants