fix(security): sanitize HTML content to prevent XSS attacks

Add DOMPurify to sanitize user-generated HTML in the preferences section before rendering with dangerouslySetInnerHTML.
2026-01-12 11:21:27 -05:00
parent aec68daec0
commit ae81206de7
3 changed files with 32 additions and 1 deletions
--- a/package.json
+++ b/package.json
@@ -23,6 +23,7 @@
    "axios": "^1.13.2",
    "better-sqlite3": "^12.4.1",
    "cheerio": "^1.1.2",
+    "dompurify": "^3.3.1",
    "drizzle-orm": "^0.45.1",
    "jsonwebtoken": "^9.0.2",
    "lexical": "^0.39.0",
@@ -34,6 +35,7 @@
  "devDependencies": {
    "@tailwindcss/postcss": "^4",
    "@types/better-sqlite3": "^7.6.13",
+    "@types/dompurify": "^3.0.5",
    "@types/jsonwebtoken": "^9.0.10",
    "@types/node": "^20",
    "@types/react": "^19",