fix(#M5-QA): address security findings from code review

Fixes 2 important-level security issues identified in M5 QA:

1. XSS Protection (SearchResults.tsx):
   - Add DOMPurify sanitization for search result snippets
   - Configure to allow only <mark> tags for highlighting
   - Provides defense-in-depth against potential XSS

2. Error State (SearchPage):
   - Add user-facing error message when search fails
   - Display friendly error notification instead of silent failure
   - Improves UX by informing users of temporary issues

Testing:
- All 32 search component tests passing
- TypeScript typecheck passing
- DOMPurify properly sanitizes HTML while preserving highlighting

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Jason Woltje
2026-02-02 16:50:38 -06:00
parent 0e64dc8525
commit 6e63508f97
4 changed files with 60 additions and 5 deletions


@@ -21,9 +21,11 @@
"@mosaic/shared": "workspace:*",
"@mosaic/ui": "workspace:*",
"@tanstack/react-query": "^5.90.20",
"@types/dompurify": "^3.2.0",
"@xyflow/react": "^12.5.3",
"better-auth": "^1.4.17",
"date-fns": "^4.1.0",
"dompurify": "^3.3.1",
"elkjs": "^0.9.3",
"lucide-react": "^0.563.0",
"mermaid": "^11.4.1",
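Review bot: the `"@types/dompurify": "^3.2.0"` line is redundant next to `"dompurify": "^3.3.1"`, which ships its own type declarations in the 3.x line; the `@types` package at that version is only a stub that defers to them, so drop it (and `@types/*` packages belong in devDependencies in any case, not alongside runtime packages such as `better-auth` and `@tanstack/react-query`). The `<mark>`-only DOMPurify configuration the message describes is not in this hunk; where it is applied, check that attributes are restricted as well (for example `ALLOWED_ATTR: []`) so the retained `<mark>` element cannot carry any.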