From f662bd870e4b1f3dbb13577163de100f2ca37d2a Mon Sep 17 00:00:00 2001
From: Marcel
Date: Sat, 2 May 2026 17:21:58 +0200
Subject: [PATCH] chore(deps): add HTML sanitizers for Geschichten rich-text body

Adds OWASP Java HTML Sanitizer on the backend and DOMPurify on the frontend. Together with Tiptap on the writer side they form a defense-in-depth chain against XSS in the new Geschichte body field (issue #381).

Co-Authored-By: Claude Opus 4.7
---
 backend/pom.xml | 7 +++++++
 frontend/package-lock.json | 23 ++++++++++++++++++++++-
 frontend/package.json | 2 ++
 frontend/yarn.lock | 16 +++++++++++++++-
 4 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/backend/pom.xml b/backend/pom.xml
index 5a733e76..6c415956 100644
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -177,6 +177,13 @@
 imageio-tiff
 3.12.0
+
+
+
+ com.googlecode.owasp-java-html-sanitizer
+ owasp-java-html-sanitizer
+ 20240325.1
+
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index e39be73d..d54afd27 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -12,6 +12,7 @@
 "@tiptap/extension-mention": "3.22.5",
 "@tiptap/starter-kit": "3.22.5",
 "diff": "^8.0.3",
+ "dompurify": "^3.4.2",
 "openapi-fetch": "^0.13.5",
 "pdfjs-dist": "^5.5.207"
 },
@@ -28,6 +29,7 @@
 "@tailwindcss/typography": "^0.5.19",
 "@tailwindcss/vite": "^4.1.17",
 "@types/diff": "^7.0.2",
+ "@types/dompurify": "^3.0.5",
 "@types/node": "^24",
 "@vitest/browser-playwright": "^4.0.10",
 "@vitest/coverage-v8": "^4.1.0",
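Review bot: Nothing in this commit invokes the sanitizer this hunk pulls in: the diffstat lists only `backend/pom.xml`, `frontend/package.json` and the two lockfiles, so the Geschichte body field from issue #381 is still stored and served unsanitized until a follow-up adds a `PolicyFactory` and calls it. Since Tiptap and DOMPurify both run in the browser, this backend library is the only control that also holds for a client posting to the API directly, so the policy should be applied on the write path before persistence (an allowlist such as `Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.LINKS)`, tightened to what the editor actually emits), with sanitization on read as the second layer. The element names around the coordinates did not survive this rendering, so whether the block sits inside `<dependencies>` with default compile scope is inferred; a comment where it is declared, `<!-- Server-side HTML sanitizer for the Geschichte rich-text body: this is the trust boundary, the client-side layers are not -->`, would record that intent next to the pinned version `20240325.1`.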
@@ -2620,6 +2622,16 @@
 "dev": true,
 "license": "MIT"
 },
+ "node_modules/@types/dompurify": {
+ "version": "3.0.5",
+ "resolved": "https://registry.npmjs.org/@types/dompurify/-/dompurify-3.0.5.tgz",
+ "integrity": "sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==",
+ "dev": true,
+ "license": "MIT",
+ "dependencies": {
+ "@types/trusted-types": "*"
+ }
+ },
 "node_modules/@types/estree": {
 "version": "1.0.8",
 "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
@@ -2655,7 +2667,7 @@
 "version": "2.0.7",
 "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
 "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
- "dev": true,
+ "devOptional": true,
 "license": "MIT"
 },
 "node_modules/@typescript-eslint/eslint-plugin": {
@@ -3584,6 +3596,15 @@
 "node": ">=0.3.1"
 }
 },
+ "node_modules/dompurify": {
+ "version": "3.4.2",
+ "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.2.tgz",
+ "integrity": "sha512-lHeS9SA/IKeIFFyYciHBr2n0v1VMPlSj843HdLOwjb2OxNwdq9Xykxqhk+FE42MzAdHvInbAolSE4mhahPpjXA==",
+ "license": "(MPL-2.0 OR Apache-2.0)",
+ "optionalDependencies": {
+ "@types/trusted-types": "^2.0.7"
+ }
+ },
 "node_modules/enhanced-resolve": {
 "version": "5.20.0",
 "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.0.tgz",
diff --git a/frontend/package.json b/frontend/package.json
index 542411e8..ad6083cd 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -25,6 +25,7 @@
 "@tiptap/extension-mention": "3.22.5",
 "@tiptap/starter-kit": "3.22.5",
 "diff": "^8.0.3",
+ "dompurify": "^3.4.2",
 "openapi-fetch": "^0.13.5",
 "pdfjs-dist": "^5.5.207"
 },
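Review bot: The frontend carries two lockfiles for this one manifest — `frontend/package-lock.json` and `frontend/yarn.lock` are both updated alongside the `dompurify` line added here — so an npm install and a yarn install resolve independently and can land on different trees unless every change keeps both in step by hand. In this commit they do agree (both pin dompurify 3.4.2 and @types/dompurify 3.0.5 with identical sha512 integrity values), but nothing enforces that, and a supply-chain pin is only as good as the lockfile the build actually consumes. Unless both package managers are intentional, keep one lockfile, delete the other, and have CI install from it with `npm ci` or `yarn install --frozen-lockfile` so the reviewed integrity hashes are what ships.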
@@ -41,6 +42,7 @@
 "@tailwindcss/typography": "^0.5.19",
 "@tailwindcss/vite": "^4.1.17",
 "@types/diff": "^7.0.2",
+ "@types/dompurify": "^3.0.5",
 "@types/node": "^24",
 "@vitest/browser-playwright": "^4.0.10",
 "@vitest/coverage-v8": "^4.1.0",
diff --git a/frontend/yarn.lock b/frontend/yarn.lock
index 91d23d4b..dd92428f 100644
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
@@ -691,6 +691,13 @@
 resolved "https://registry.npmjs.org/@types/diff/-/diff-7.0.2.tgz"
 integrity sha512-JSWRMozjFKsGlEjiiKajUjIJVKuKdE3oVy2DNtK+fUo8q82nhFZ2CPQwicAIkXrofahDXrWJ7mjelvZphMS98Q==
+"@types/dompurify@^3.0.5":
+ version "3.0.5"
+ resolved "https://registry.npmjs.org/@types/dompurify/-/dompurify-3.0.5.tgz"
+ integrity sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==
+ dependencies:
+ "@types/trusted-types" "*"
+
 "@types/estree@*", "@types/estree@^1.0.0", "@types/estree@^1.0.5", "@types/estree@^1.0.6", "@types/estree@1.0.8":
 version "1.0.8"
 resolved "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz"
@@ -713,7 +720,7 @@
 resolved "https://registry.npmjs.org/@types/resolve/-/resolve-1.20.2.tgz"
 integrity sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==
-"@types/trusted-types@^2.0.7":
+"@types/trusted-types@*", "@types/trusted-types@^2.0.7":
 version "2.0.7"
 resolved "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz"
 integrity sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==
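Review bot: `"@types/dompurify": "^3.0.5"` is most likely redundant next to `dompurify@^3.4.2`: DOMPurify 3.x ships its own type declarations — the lockfile entry for `node_modules/dompurify` carrying an `optionalDependencies` on `@types/trusted-types` is consistent with bundled `.d.ts` files that reference that package — and, to my knowledge, the DefinitelyTyped package has since been reduced to a stub for that reason. Keeping both hands the compiler two declarations of the same module, and because `@types/dompurify` 3.0.5 describes the older 3.0 API its signatures can drift from the 3.4.2 runtime that is actually installed. Confirm by removing the devDependency and running `tsc`; if it compiles, drop the line together with the matching entries in `package-lock.json` and `yarn.lock`.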
@@ -1162,6 +1169,13 @@ diff@^8.0.3:
 resolved "https://registry.npmjs.org/diff/-/diff-8.0.3.tgz"
 integrity sha512-qejHi7bcSD4hQAZE0tNAawRK1ZtafHDmMTMkrrIGgSLl7hTnQHmKCeB45xAcbfTqK2zowkM3j3bHt/4b/ARbYQ==
+dompurify@^3.4.2:
+ version "3.4.2"
+ resolved "https://registry.npmjs.org/dompurify/-/dompurify-3.4.2.tgz"
+ integrity sha512-lHeS9SA/IKeIFFyYciHBr2n0v1VMPlSj843HdLOwjb2OxNwdq9Xykxqhk+FE42MzAdHvInbAolSE4mhahPpjXA==
+ optionalDependencies:
+ "@types/trusted-types" "^2.0.7"
+
 enhanced-resolve@^5.19.0:
 version "5.20.0"
 resolved "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.0.tgz"