familienarchiv

marcel/familienarchiv

Fork 0

Commit Graph

Author	SHA1	Message	Date
Marcel	ad535e314b	refactor(extract-text): rename stripHtml → extractText and document non-sanitiser status Adds a module docstring at the top of extractText.ts spelling out that this is text extraction, not XSS sanitisation, and that callers must rely on safeHtml() (DOMPurify) for security. Adds a Vitest test block with classic XSS-shaped payloads (<script>, <svg/onload>, <iframe srcdoc>, javascript: href) asserting that no markup is re-emitted, even though the module is explicitly not a sanitiser. Updates the two callers (/geschichten index, GeschichtenCard) to import from the new path. The collapse-whitespace pass also makes the regex fallback's output saner for excerpt rendering. Closes Nora's review B1 on PR #382. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-02 18:44:40 +02:00

Author

SHA1

Message

Date

Marcel

ad535e314b

refactor(extract-text): rename stripHtml → extractText and document non-sanitiser status

Adds a module docstring at the top of extractText.ts spelling out that this
is text extraction, not XSS sanitisation, and that callers must rely on
safeHtml() (DOMPurify) for security. Adds a Vitest test block with classic
XSS-shaped payloads (<script>, <svg/onload>, <iframe srcdoc>, javascript:
href) asserting that no markup is re-emitted, even though the module is
explicitly not a sanitiser.

Updates the two callers (/geschichten index, GeschichtenCard) to import
from the new path. The collapse-whitespace pass also makes the regex
fallback's output saner for excerpt rendering.

Closes Nora's review B1 on PR #382.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-02 18:44:40 +02:00

1 Commits