From 76ae8322855197b621756315e67d44c322801ab6 Mon Sep 17 00:00:00 2001
From: boomzero <thomas_rainbowfish@icloud.com>
Date: Thu, 19 Feb 2026 16:27:43 +0800
Subject: [PATCH 1/3] Fix XSS vulnerability in post title rendering

Sanitize post title with escapeHTML() before inserting into innerHTML
to prevent script injection via crafted post titles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 XMOJ.user.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/XMOJ.user.js b/XMOJ.user.js
index aba3fd3d..24ba886a 100644
--- a/XMOJ.user.js
+++ b/XMOJ.user.js
@@ -5202,7 +5202,7 @@ int main()
                                                     Delete.style.display = "";
                                                 }
                                             }
-                                            PostTitle.innerHTML = ResponseData.Data.Title + (ResponseData.Data.ProblemID == 0 ? "" : ` - 题目` + ` <a href="https://www.xmoj.tech/problem.php?id=` + ResponseData.Data.ProblemID + `">` + ResponseData.Data.ProblemID + `</a>`);
+                                            PostTitle.innerHTML = escapeHTML(ResponseData.Data.Title) + (ResponseData.Data.ProblemID == 0 ? "" : ` - 题目` + ` <a href="https://www.xmoj.tech/problem.php?id=` + ResponseData.Data.ProblemID + `">` + ResponseData.Data.ProblemID + `</a>`);
                                             document.title = "讨论" + ThreadID + ": " + ResponseData.Data.Title;
                                             PostAuthor.innerHTML = "<span></span>";
                                             GetUsernameHTML(PostAuthor.children[0], ResponseData.Data.UserID);

From eba35cdd8505cb988e3327c67260705c7cede75a Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Thu, 19 Feb 2026 08:28:53 +0000
Subject: [PATCH 2/3] 3.1.1

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 3f59d6be..62b60c53 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "xmoj-script",
-  "version": "3.1.0",
+  "version": "3.1.1",
   "description": "an improvement script for xmoj.tech",
   "main": "AddonScript.js",
   "scripts": {

From bc07e5763e541574de738d6e72fef03548e0bcc9 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Thu, 19 Feb 2026 08:28:59 +0000
Subject: [PATCH 3/3] Update version info to 3.1.1

---
 Update.json  | 11 +++++++++++
 XMOJ.user.js |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/Update.json b/Update.json
index fbf81e36..cc93908a 100644
--- a/Update.json
+++ b/Update.json
@@ -3348,6 +3348,17 @@
                 }
             ],
             "Notes": "v3 显然需要在新年第一天发布("
+        },
+        "3.1.1": {
+            "UpdateDate": 1771489733913,
+            "Prerelease": true,
+            "UpdateContents": [
+                {
+                    "PR": 910,
+                    "Description": "Fix XSS in post title rendering"
+                }
+            ],
+            "Notes": "Fixed a stored XSS vulnerability in discussion thread post titles."
         }
     }
 }
\ No newline at end of file
diff --git a/XMOJ.user.js b/XMOJ.user.js
index 24ba886a..0b120687 100644
--- a/XMOJ.user.js
+++ b/XMOJ.user.js
@@ -1,6 +1,6 @@
 // ==UserScript==
 // @name         XMOJ
-// @version      3.1.0
+// @version      3.1.1
 // @description  XMOJ增强脚本
 // @author       @XMOJ-Script-dev, @langningchen and the community
 // @namespace    https://github/langningchen