fix(transcription): cap @mention search input at maxlength=100

Soft-cap on the client side mitigates CWE-400 query amplification (server-side cap remains a separate backend PR). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-19 22:16:28 +02:00
parent 2556e7f5c8
commit 8052131576
2 changed files with 9 additions and 0 deletions
--- a/frontend/src/lib/shared/discussion/MentionDropdown.svelte
+++ b/frontend/src/lib/shared/discussion/MentionDropdown.svelte
@@ -166,6 +166,7 @@ function selectItem(item: Person) {
 				id="mention-search"
 				type="search"
 				data-test-search-input
+				maxlength="100"
 				class="min-h-[44px] w-full bg-transparent font-sans text-sm text-ink placeholder:text-ink-3 focus:outline-none focus-visible:ring-2 focus-visible:ring-brand-navy focus-visible:ring-inset"
 				placeholder={m.person_mention_search_prompt()}
 				bind:value={searchQuery}