marcel/familienarchiv
1
0
Fork 0
Code Issues 114 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

chore(deps): add HTML sanitizers for Geschichten rich-text body

Browse Source 
Adds OWASP Java HTML Sanitizer on the backend and DOMPurify on the frontend.
Together with Tiptap on the writer side they form a defense-in-depth chain
against XSS in the new Geschichte body field (issue #381).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-05-02 17:21:58 +02:00
parent db66d0cc61
commit f662bd870e
4 changed files with 46 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
frontend/package.json
View File

@@ -25,6 +25,7 @@
"@tiptap/extension-mention": "3.22.5",
"@tiptap/starter-kit": "3.22.5",
"diff": "^8.0.3",
"dompurify": "^3.4.2",
"openapi-fetch": "^0.13.5",
"pdfjs-dist": "^5.5.207"
},
@@ -41,6 +42,7 @@
"@tailwindcss/typography": "^0.5.19",
"@tailwindcss/vite": "^4.1.17",
"@types/diff": "^7.0.2",
"@types/dompurify": "^3.0.5",
"@types/node": "^24",
"@vitest/browser-playwright": "^4.0.10",
"@vitest/coverage-v8": "^4.1.0",