Security
- Bundle marked v12.0.2 and DOMPurify v3.3.1 locally (remove external CDN dependency)
- Add server-side dangerous command blocking (rm -rf, sudo rm, mkfs, dd, chmod 777, curl|sh, wget|sh)
- Remove external QR code API call that leaked authentication tokens
- Add prominent public Wi-Fi security warning to README
Changed
- Static library files (/lib/*.js) no longer require authentication token