From 722b1740c612c6210effdc65b11cd8afa02a66d7 Mon Sep 17 00:00:00 2001
From: Broodje56 <200642566+Broodje565@users.noreply.github.com>
Date: Mon, 4 May 2026 21:51:37 +0200
Subject: [PATCH 1/2] Beta (#124)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Course translate (#119) * add translations for almost everything * add untranslated files * format these files, part 1 * fix weird glitch * translate everything now * remove untranslated files md in folders where everything is already translated * edit language logos and order * Revert "translate everything now" This reverts commit a38fba10c850459614e2a5245e813e475bbd0aa4. * delete stuff * add quiz translations * oopsie i didnt mean to commit this * finally fixed for real now * Course translate (#120) * add translations for almost everything * add untranslated files * format these files, part 1 * fix weird glitch * translate everything now * remove untranslated files md in folders where everything is already translated * edit language logos and order * Revert "translate everything now" This reverts commit a38fba10c850459614e2a5245e813e475bbd0aa4. * delete stuff * add quiz translations * oopsie i didnt mean to commit this * finally fixed for real now * fix an issue with the german ü * fix the same issue part 2 * Fix security issues (#122) * fix security issues --------- Co-authored-by: super_man2775
---
 banned.html | 9 +++++++--
 learn/ui/js/services/trialMode.js | 10 +++++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/banned.html b/banned.html
index 658f5b44..e1d0e2d5 100644
--- a/banned.html
+++ b/banned.html
@@ -137,8 +137,13 @@

This account is banned

 reasonEl.textContent = `Reason: ${reason}`;
 }
- if (appeal && /^https:\/\//i.test(appeal)) {
- linkEl.href = appeal;
+ if (appeal) {
+ // Only allow passing a Discord invite code, not a full URL, to avoid open-redirects.
+ // Example: ?appeal=rKgF9s32EV
+ const inviteCode = appeal.replace(/^https?:\/\/(www\.)?discord\.gg\//i, '').trim();
+ if (/^[A-Za-z0-9-]{2,64}$/.test(inviteCode)) {
+ linkEl.href = `https://discord.gg/${inviteCode}`;
+ }
 }
 })();
diff --git a/learn/ui/js/services/trialMode.js b/learn/ui/js/services/trialMode.js
index 61d0e938..39196fba 100644
--- a/learn/ui/js/services/trialMode.js
+++ b/learn/ui/js/services/trialMode.js
@@ -126,7 +126,15 @@ export function clearTrialSession() {
 }
 
 function generateSessionId() {
- return `trial_${Date.now()}_${Math.random().toString(36).substring(2, 15)}`;
+ const cryptoObj = globalThis.crypto || globalThis.msCrypto;
+ if (!cryptoObj || typeof cryptoObj.getRandomValues !== 'function') {
+ throw new Error('Secure randomness unavailable (crypto.getRandomValues)');
+ }
+
+ const bytes = new Uint8Array(16);
+ cryptoObj.getRandomValues(bytes);
+ const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
+ return `trial_${Date.now()}_${hex}`;
 }
 
 export function getTrialStats() {
From f6ac121c7cd58e97672f47c48b2461ea187fe2bf Mon Sep 17 00:00:00 2001
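Review bot: The `appeal` query parameter still chooses the link target in the new `if (appeal)` branch: any value matching `/^[A-Za-z0-9-]{2,64}$/` becomes `https://discord.gg/<code>`, so a crafted URL to this page can show an appeal link that leads to a Discord server the project does not control. Pinning the host closes the open redirect the comment mentions, but not this impersonation risk. Consider accepting the code only when it is on a fixed allowlist, e.g. `if (ALLOWED_INVITES.has(inviteCode)) {` with `ALLOWED_INVITES` a constant holding the project's own invite code(s), or hard-coding the appeal link and dropping the parameter. The enclosing IIFE starts above this hunk, so what `linkEl.href` falls back to when validation fails is not visible here.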
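Review bot: The `globalThis.msCrypto` fallback in `generateSessionId()` looks unreachable, because the file is an ES module (`export function` in the hunk context) and the function relies on `globalThis`, template literals and `padStart`, which the legacy browsers that expose only `msCrypto` do not provide. `const cryptoObj = globalThis.crypto;` keeps the same fail-closed check with less to reason about. The function now throws where it previously always returned a string, so its callers (outside this hunk) should be checked for handling that error. A short comment such as `// 128 bits from the CSPRNG; Date.now() is a readable prefix, not entropy` would record why the timestamp is kept.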
From: Broodje56 <200642566+Broodje565@users.noreply.github.com>
Date: Tue, 5 May 2026 19:33:28 +0200
Subject: [PATCH 2/2] Beta (#125)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Course translate (#119) * add translations for almost everything * add untranslated files * format these files, part 1 * fix weird glitch * translate everything now * remove untranslated files md in folders where everything is already translated * edit language logos and order * Revert "translate everything now" This reverts commit a38fba10c850459614e2a5245e813e475bbd0aa4. * delete stuff * add quiz translations * oopsie i didnt mean to commit this * finally fixed for real now * Course translate (#120) * add translations for almost everything * add untranslated files * format these files, part 1 * fix weird glitch * translate everything now * remove untranslated files md in folders where everything is already translated * edit language logos and order * Revert "translate everything now" This reverts commit a38fba10c850459614e2a5245e813e475bbd0aa4. * delete stuff * add quiz translations * oopsie i didnt mean to commit this * finally fixed for real now * fix an issue with the german ü * fix the same issue part 2 * Fix security issues (#122) * fix security issues * chore: add consent lens verification meta tag to index.html --------- Co-authored-by: super_man2775
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.html b/index.html
index 95f2eba5..1da0c349 100644
--- a/index.html
+++ b/index.html
@@ -13,7 +13,7 @@ - +