marcel/familienarchiv
1
0
Fork 0
Code Issues 105 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

chore(deps): add HTML sanitizers for Geschichten rich-text body

Browse Source 
Adds OWASP Java HTML Sanitizer on the backend and DOMPurify on the frontend.
Together with Tiptap on the writer side they form a defense-in-depth chain
against XSS in the new Geschichte body field (issue #381).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-05-02 17:21:58 +02:00
parent db66d0cc61
commit f662bd870e
4 changed files with 46 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
frontend/yarn.lock
View File

@@ -691,6 +691,13 @@
resolved "https://registry.npmjs.org/@types/diff/-/diff-7.0.2.tgz"
integrity sha512-JSWRMozjFKsGlEjiiKajUjIJVKuKdE3oVy2DNtK+fUo8q82nhFZ2CPQwicAIkXrofahDXrWJ7mjelvZphMS98Q==
"@types/dompurify@^3.0.5":
version "3.0.5"
resolved "https://registry.npmjs.org/@types/dompurify/-/dompurify-3.0.5.tgz"
integrity sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==
dependencies:
"@types/trusted-types" "*"
"@types/estree@*", "@types/estree@^1.0.0", "@types/estree@^1.0.5", "@types/estree@^1.0.6", "@types/estree@1.0.8":
version "1.0.8"
resolved "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz"
@@ -713,7 +720,7 @@
resolved "https://registry.npmjs.org/@types/resolve/-/resolve-1.20.2.tgz"
integrity sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==
"@types/trusted-types@^2.0.7":
"@types/trusted-types@*", "@types/trusted-types@^2.0.7":
version "2.0.7"
resolved "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz"
integrity sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==
@@ -1162,6 +1169,13 @@ diff@^8.0.3:
resolved "https://registry.npmjs.org/diff/-/diff-8.0.3.tgz"
integrity sha512-qejHi7bcSD4hQAZE0tNAawRK1ZtafHDmMTMkrrIGgSLl7hTnQHmKCeB45xAcbfTqK2zowkM3j3bHt/4b/ARbYQ==
dompurify@^3.4.2:
version "3.4.2"
resolved "https://registry.npmjs.org/dompurify/-/dompurify-3.4.2.tgz"
integrity sha512-lHeS9SA/IKeIFFyYciHBr2n0v1VMPlSj843HdLOwjb2OxNwdq9Xykxqhk+FE42MzAdHvInbAolSE4mhahPpjXA==
optionalDependencies:
"@types/trusted-types" "^2.0.7"
enhanced-resolve@^5.19.0:
version "5.20.0"
resolved "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.0.tgz"